[midPoint] Midpoint - Manager at Identity Level

mikhail.nikolaenko mikhail.nikolaenko at proton.me
Fri Apr 4 11:11:39 CEST 2025


Hello Manikanta,

I am also very new to midPoint, but what comes to my mind is the following:

- You can create a custom attribute on a person level - for example: supervisor
- In the person form you can then provide the supervisor's email or any other ID. I do not know how best to implement this, as I have not yet tried search filters for attributes in the forms, but as I understood, this should be possible.
- In the policy, you use this value for the approver audience. As I understood, you can use a script inside approverExpression:

    <approverExpression>
        <trace>true</trace>
        <script>
            <code>
                // here, get the supervisor instead, using your own code
                midpoint.getManagersOidsExceptUser(object)
            </code>
        </script>
    </approverExpression>

With best regards,
Mike

On Thursday, 3 April 2025 at 9:47 AM, Mani Pasarla via midPoint <midpoint at lists.evolveum.com> wrote:

> Hello All,
>
> Does anyone have any suggestions or feedback on the following query?
>
> “We are currently setting up MidPoint in our lab environment and working on a few IGA use cases for the demo. Based on the current setup, I see that the manager is configured at the organization level, where all manager approvals are routed to the common manager during access requests and access reviews. However, I wanted to check if it is possible to associate the manager identity object at the individual identity level instead of the organization level. Can you confirm if this is possible and let us know if any specific configurations are required to achieve it?”
>
> Regards,
>
> Manikanta
>
> From: Mani Pasarla
> Sent: Thursday, 27 March 2025 7:17 pm
> To: midpoint at lists.evolveum.com; midpoint-dev at lists.evolveum.com
> Subject: Midpoint - Manager at Identity Level
>
> Hi all,
>
> We are currently setting up MidPoint in our lab environment and working on a few IGA use cases for the demo. Based on the current setup, I see that the manager is configured at the organization level, where all manager approvals are routed to the common manager during access requests and access reviews. However, I wanted to check if it is possible to associate the manager identity object at the individual identity level instead of the organization level. Can you confirm if this is possible and let us know if any specific configurations are required to achieve it?
>
> Regards,
>
> Manikanta
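
An added example, not part of the original message and not midPoint's own code: one way the approverExpression suggested above could resolve a per-user supervisor while keeping the self-exclusion that getManagersOidsExceptUser provides. Assumptions: a custom string extension property named supervisor (hypothetical) in a placeholder namespace holds the supervisor's midPoint user name, object is the same variable used in the snippet above, and the basic.getExtensionPropertyValue and midpoint.searchObjectByName library calls are available with these signatures in the deployed version.

```xml
<approverExpression>
    <script>
        <code>
            import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType

            // Placeholder namespace and hypothetical property name (assumptions):
            // replace with the values from your own extension schema.
            def EXT_NS = 'http://example.com/xml/ns/midpoint/ext'
            def supervisorName = basic.getExtensionPropertyValue(object, EXT_NS, 'supervisor')

            if (!supervisorName) {
                // No supervisor recorded: return no approver rather than guessing one.
                return []
            }

            // Resolve the stored name to a real user object; a stale or mistyped
            // value must not silently route the request somewhere else.
            def supervisor = midpoint.searchObjectByName(UserType.class, supervisorName as String)
            if (supervisor == null) {
                return []
            }

            // Separation of duties: a user who names themselves as supervisor
            // must never be resolved as their own approver.
            if (supervisor.oid == object.oid) {
                return []
            }

            return [supervisor.oid]
        </code>
    </script>
</approverExpression>
```

When the expression returns an empty list, the approval stage's outcomeIfNoApprovers setting decides what happens to the request; confirm it rejects rather than approves, and restrict who can edit the supervisor property, since whoever can write it chooses the approver.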