Skip to Content
0

How to create a Dynamic Group in Identity Centre?

Feb 14, 2017 at 09:21 PM

245

avatar image

I am trying to map a static AD Group across and create a Dynamic Group within IdC. How do I do this and which attributes/fields need populating within the Dynamic Group entry, to pick up the underlying AD group?

Then as far as the AD group members go, some of the documentation talks about the need for the MX_TARGET_FILTER and MX_TARGET_DEFINITION fields to be populated but there is no guidance on what they need to be set to. In certain docs it also mentions the fact that these attributes are not in use yet, but is that the case please?

This is IdC 8.0 SP8.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

8 Answers

Steffi Warnecke
Feb 15, 2017 at 09:45 AM
0

Hello Nick,

so... what have you tried so far and where are you stuck? Can you please provide some more info and screenshots?

MX_TARGET_FILTER = contains the SQL query that finds the content for your dynamic group.

.

I remember from training (we are on 7.2, so no real experience on 8.0) that creating and managing dynamic groups became a lot more complicated in 8.0, because they were removed from the MMC / Eclipse plugin and the management is only available via UI masks. At least that's my latest information.

So if you have the correct permissions, you should have a look at those UI masks for the dynamic groups and go from there.

.

Regards,

Steffi.

Share
10 |10000 characters needed characters left characters exceeded
Nick Bourne Feb 15, 2017 at 04:17 PM
0

OK so we follow the steps in the SAP documentation for creating a Dynamic Group, give it a name description etc....

Then when we choose Simple or Advanced on the query to bring back members, we have had no success. The underlying AD group is called o800003 and we have tried this as the cn value, the full DN from AD, without luck.

I come more from an LDAP background.... :-(

Show 2 Share
10 |10000 characters needed characters left characters exceeded

No worries, in my heart I'll forever be an system administrator, too. ;)

In 8.0 you can't (by design, because that makes everything easier, says SAP) fill MX_TARGET_FILTER yourself, IDM will do it for you. That should be the read-only field you see at the bottom of the UI mask and contains an SQL query that IDM created out of whatever you put into the fields above.

Can you show a screenshot of your input there? It's a lot easier to help if we can see what you see.

0
sap-issue.jpg

This is a generic screenshot of what is there.... Ideally I would like to bring anyone that has a cn (LDAP) value populated within the group cn=o80003 back and into the SAP Dynamic Group.

Thanks

sap-issue.jpg (56.6 kB)
0
Nick Bourne Feb 15, 2017 at 04:21 PM
0
Share
10 |10000 characters needed characters left characters exceeded
Nick Bourne Feb 15, 2017 at 04:31 PM
0

We need step by step instructions on how to create and populate a dynamic group please as the documentation isnt the best. thanks.

Share
10 |10000 characters needed characters left characters exceeded
C Kumar Feb 16, 2017 at 07:50 AM
0

Hello Nick,

Creation of Dynamic Group is very easy in SAP IDM. Just you have to take care that the Query written in the Target Definition is right and returning the proper results. Re-run the target filter query in your DB and check and verify whether it is returning proper results.

Please check my comments in the article which you have followed to create the Dynamic Group.

Regards,

C Kumar

Share
10 |10000 characters needed characters left characters exceeded
Nick Bourne Feb 16, 2017 at 04:28 PM
0

C Kumar, thanks for the reply. I have read your article many times up to this point and still cannot get it to work.

Share
10 |10000 characters needed characters left characters exceeded
Nick Bourne Feb 16, 2017 at 06:46 PM
0

This is the query we have which will bring back the users within the group but how then do we get this into the TARGET_FILTER using either Simple or Advanced please? We are trying to bring back the members of the o80003 group....

SELECT C.mcDisplayName, C.mcmskeyvalue FROM idmv_entry_simple B, mxi_link A, idmv_entry_simple C

where B.mcIDStore=1

AND B.MCMSKEYVALUE = 'GROUP:AD_LAB:o80003'

AND B.mcmskey = A.mcOtherMSKEY

AND A.mcThisMSKEY = C.mcMSKEY

Share
10 |10000 characters needed characters left characters exceeded
C Kumar Feb 23, 2017 at 06:31 PM
0

Hello Nick,

Check this blog to know about the steps to create SAP IDM Dynamic Groups.

Regards,

C Kumar

Share
10 |10000 characters needed characters left characters exceeded