[midPoint] How can we get assignment of roles and groups inside the user?
Aditya Kumar
aditya.kumar at cloudeq.com
Thu Mar 5 12:51:42 CET 2026
How can we get assignment of roles and groups inside the user?
Can you share the mapping or any other requirement? I have connected Azure AD through the MS Graph connector: users imported, groups imported and custom roles imported.
Aditya Kumar
Sr. Cloud Monitoring Engineer I
-----Original Message-----
From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of midpoint-request at lists.evolveum.com
Sent: 05 March 2026 17:15
To: midpoint at lists.evolveum.com
Subject: midPoint Digest, Vol 167, Issue 6
Today's Topics:
1. R: Resource doesn't link accounts (Lucio Fioramonti)
2. Re: R: Resource doesn't link accounts (Ivan Noris)
----------------------------------------------------------------------
Message: 1
Date: Thu, 5 Mar 2026 11:31:35 +0000
From: Lucio Fioramonti <lucio.fioramonti at cybertech.eu>
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: [midPoint] R: Resource doesn't link accounts
Hello Ivan, thank you for the reply. I have set Person as archetype. Now I have removed the archetype from the Object Type and it works: now I have the preview and the Unlinked status.
So should I omit the archetype or have users of the same archetype for a correct correlation?
Thanks
________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris via midPoint <midpoint at lists.evolveum.com>
Sent: Thursday, 5 March 2026 08:35
To: midpoint at lists.evolveum.com <midpoint at lists.evolveum.com>
Cc: Ivan Noris <ivan.noris at evolveum.com>
Subject: Re: [midPoint] Resource doesn't link accounts
Hi Lucio,
it would help if you describe your environment more:
1. what are your synchronization rules?
2. are you using archetypes in midPoint? In Basic configuration of your object type, in the last page, where you specify "User" as the type, are you also using archetype (e.g. Person)? Does this archetype match the users already in midPoint?
(Correlation uses the archetype information during matching, if you have specified that you want to use archetype).
3. what is the Lifecycle state of the resource / Object type / all other configuration in the resource?
Best regards,
Ivan
On 3/4/26 14:29, Lucio Fioramonti via midPoint wrote:
Hello, I have a database resource (PostgreSQL) created from scratch by using the wizard. Resource objects (accounts) are visible in the midPoint console; correlation rule, synchronization (with no rule for unmatched) and mapping are in place. There are corresponding users and the correlation is mainly based on emailAddress (exact match).
When I ask for Import Preview, no results appear (white page!). A result is only possible if I add an unmatched rule in the synchronization config (unmatched --> add focus), but, obviously, an add action for the user object appears.
Why doesn't the correlation link the account? Why does the preview appear blank? Are there any DB resource examples with correlation and synch config?
Thanks in advance.
--
Ivan Noris
Expert Identity Engineer
evolveum.com
------------------------------
Message: 2
Date: Thu, 5 Mar 2026 12:45:17 +0100
From: Ivan Noris <ivan.noris at evolveum.com>
To: Lucio Fioramonti <lucio.fioramonti at cybertech.eu>,
"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] R: Resource doesn't link accounts
Hi Lucio,
the thing is: if you specify the correlation rule AND you also have set Archetype in the (last page of) object type configuration, they are used together. Correlation will only match objects (e.g. users) with that archetype. If there are users which would match but do not have that archetype, they won't be considered as candidate owners.
What is the situation with archetypes in your environment? Is this particular resource a source or a target resource?
Are there other resources, which create users and assign Person archetype?
Are there users without Person archetype?
Best regards,
Ivan
On 3/5/26 12:31, Lucio Fioramonti wrote:
> Hello Ivan, thank you for the reply. I have set Person as archetype.
> Now I have removed the archetype from the Object Type and it works:
> now I have the preview and the Unlinked status.
>
> So should I omit the archetype or have users of the same archetype
> for a correct correlation?
>
> Thanks
--
Ivan Noris
Expert Identity Engineer
evolveum.com
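
The behaviour described in the reply above, shown as a resource configuration. This is an added example, not part of the original thread and not Evolveum's own sample; it assumes the midPoint 4.6+ `schemaHandling` syntax, and the object class `ri:AccountObjectClass`, the column `ri:email` and the archetype OID are placeholders.

```xml
<!-- Added illustration: one <objectType> inside a resource's <schemaHandling>. -->
<objectType>
    <kind>account</kind>
    <intent>default</intent>
    <default>true</default>
    <delineation>
        <!-- Assumed object class name for a database table resource -->
        <objectClass>ri:AccountObjectClass</objectClass>
    </delineation>
    <focus>
        <type>UserType</type>
        <!-- With archetypeRef present, correlation considers only users that
             already hold this archetype as candidate owners. Remove this
             element to correlate against all users. OID is a placeholder. -->
        <archetypeRef oid="PERSON-ARCHETYPE-OID-PLACEHOLDER"/>
    </focus>
    <attribute>
        <!-- Assumed column name; the inbound mapping feeds the correlator -->
        <ref>ri:email</ref>
        <inbound>
            <target>
                <path>emailAddress</path>
            </target>
        </inbound>
    </attribute>
    <correlation>
        <correlators>
            <items>
                <item>
                    <!-- Exact match on the user's emailAddress -->
                    <ref>emailAddress</ref>
                </item>
            </items>
        </correlators>
    </correlation>
    <synchronization>
        <reaction>
            <situation>unlinked</situation>
            <actions><link/></actions>
        </reaction>
        <reaction>
            <situation>linked</situation>
            <actions><synchronize/></actions>
        </reaction>
        <!-- No "unmatched" reaction: accounts with no candidate owner
             produce no action, so nothing is created for them. -->
    </synchronization>
</objectType>
```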