[midPoint] Unexpected direct assignment to user

Сергей Коновалов becauseofug at gmail.com
Thu May 2 14:58:47 CEST 2024


Hello!
I'm stuck with a problem that I can't solve.

I assign a role to a user. This role contains the AD group through
inducements. It creates BOTH direct and indirect assignments to the user.
Then, when a role is revoked, the indirect assignment is revoked, but the
direct assignment still exists.
I'm trying to ensure that when assigning a role with an Active Directory
group to a user, only an indirect assignment is created.

This may be due to the association block in the connector settings.
The definition of the inbound rule in the association section is one to one
as in example number two from here:
https://docs.evolveum.com/midpoint/reference/support-4.8/expressions/mappings/inbound-mapping/
Using this rule, I synchronize the assignments of accounts changed directly
on the target system, bypassing IDM.

Does anyone have any ideas on how to implement this?