Message Image

Skip main navigation (Press Enter).

Symantec IGA

Back to discussions

Expand all | Collapse all

CA Identity Manager - map group membership to users' multi-value attribute - %MEMBER_OF%

Jump to Best Answer

David MatejuMar 01, 2018 04:39 AM

Colleagues, we are trying to map group membership to users' multi-value attribute, but it does not as ...

Praveen JainMar 02, 2018 04:02 PMBest Answer

I think mapping attributes in Account template is not best suited for AD Group membership addition/removal. ...

1. CA Identity Manager - map group membership to users' multi-value attribute - %MEMBER_OF%

0 Recommend
Broadcom Employee

David Mateju
Posted Mar 01, 2018 04:39 AM

Reply Reply Privately
Colleagues, we are trying to map group membership to users' multi-value attribute, but it does not as expected. If we set up Active Directory Account Template mapping directly in LDAP, the account template only maps the first value of the multi-value attribute. The user console or provisioning manager does not allow us to specify the mapping to the user attribute. The documentation of CA IM also does not seem to properly deswcribe this use-case.
Any help will be appreciated. Thank you!
2. Re: CA Identity Manager - map group membership to users' multi-value attribute - %MEMBER_OF%
Best Answer

1 Recommend
Broadcom Employee

Praveen Jain
Posted Mar 02, 2018 04:02 PM

Reply Reply Privately
I think mapping attributes in Account template is not best suited for AD Group membership addition/removal. You are best with using PX to handle this. Here is a post on how to use PX to assign AD group to a user:

@Make a user a member of Active Directory Group via Policy Xpress.. #assignadgroupspx

Copyright 2023. All rights reserved.

Powered by Higher Logic