[midPoint] How to create a conditional inducement on an Org

Stefano Belluomini | EI stefano at everythinginfo.cloud
Tue Jul 5 04:20:16 CEST 2022


Hi Community,

I am trying to create a conditional inducement on an organisation, so that the type of relation the user has to the organisation determines which inducement will apply. We would like to manage the membership of Microsoft 365 Groups based on the user's assignment to a specific organisation. So, if the user is a member, they are added as a member of a specific M365 Group, and if they are assigned with the relation="org:manager", then they are added as an owner of that same M365 Group. We have the inducement construction working as we want, but of course assigning two inducements to the same organisation without any conditional logic just results in both inducements being applied to an assigned user.

I am struggling to develop the condition to make this work. I have developed a query that will return the UID of the user if they are assigned as a member of the org, but cannot work out how to use this in the conditional logic within the inducement.

My inducement on the org object is as follows:

    <inducement>
        <construction>
            <resourceRef oid="052f1f9a-34c3-4e9e-b011-7b1d1528e202" relation="org:member" type="c:ResourceType">
                <!-- Azure AD -->
            </resourceRef>
            <kind>account</kind>
            <association>
                <ref>ri:m365-member</ref>
                <outbound>
                    <expression>
                        <value xmlns="">
                            <shadowRef xmlns="">
                                <oid>57f29a9f-65d8-49b5-8a1b-294fa8266422</oid>
                            </shadowRef>
                        </value>
                    </expression>
                </outbound>
            </association>
        </construction>
        <focusType>c:UserType</focusType>
        <condition>
            <!-- Help needed -->
        </condition>
    </inducement>

I understand the conditional logic sits within the inducement block itself, alongside the focusType constraint, which we have also specified.

My query, which will return users who have been assigned as a member of a specific org, is below. I just need some help tying the two together:

    <query xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
        <filter>
            <or>
                <ref>
                    <path>assignment/targetRef</path>
                    <value relation="org:default" oid="e0e38cd2-f385-43cd-b293-10efe5369549"/>
                </ref>
                <ref>
                    <path>assignment/targetRef</path>
                    <value relation="org:member" oid="e0e38cd2-f385-43cd-b293-10efe5369549"/>
                </ref>
            </or>
        </filter>
    </query>

Thank you

Regards,
Stefano