cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP IDM 8.0 Dynamic Groups doesnt resolve users

former_member302881
Explorer

on ‎02-15-2017 2:18 PM

0 Kudos

Hi,

I am trying to create a Dynamic Group in SAP IDM based on the Active Directory group. The issue I have is I dont see any users assigned to the Dynamic group based on the membership for AD Group. I have followed the steps as in one of the threads and still not able to get the users assigned to dynamic group. Please let me know whats the missing piece is?

Please see below steps for my config:

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎03-01-2017 1:58 PM
0 Kudos

Hello Pavan,

if your issue is resolved, please don't forget to accept the best answer, upvote helpful onces and thus close this questions, so others with the same issue can find the answer. 🙂

.

Regards,

Steffi.

Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Ckumar
Contributor
‎02-23-2017 6:29 PM
0 Kudos

Hello Pavan,

I just wrote a blog on SAP IDM Dynamic Group. Hope it will helpful to resolve your issue.

Regards,

C Kumar

Show replies
Show replies
former_member302881
Explorer
‎02-27-2017 2:56 PM
0 Kudos

Thank you.. That's a great Blog. Now I am having another issue and it might be something basic I am missing. When I try to create a Identity Store I am not able to create it as my OK button is greyed out. Please help.

Ckumar
Contributor
‎02-27-2017 5:57 PM

Hello Pavan,

If the issue raised in this thread has been fixed then please close the thread by marking/updating the correct answer.

For any new issue, please open a new thread with proper details and supporting screenshots.

Regards,

C Kumar

Steffi_Warnecke
Active Contributor
‎02-15-2017 3:27 PM
0 Kudos

Hello Pavan,

is ID store No.1 really your used store?

Did your SQL statement return results when you tried it directly in the database via SQL developer or similar tools?

Also: If I read your query correctly, you look for the mskey of the AD group, not the mskeys of its members...

You have to change your query to look for the members of that group (try idmv_vallink_basic).

.

Regards,

Steffi.

Show replies
Show replies
former_member302881
Explorer
‎02-15-2017 8:59 PM
0 Kudos

Hi Steffi, Thanks for the response. I have verified the SQL statement and it does get me the mckey for the groups. And my ID store is 1. I think you are right on that the query should look for members of group but I am sorry not sure how to create a dynamic group to look for members of the group. Please clarify if you referred to the query in the resolve dynamic group source or in the target definition of the Dynamic group.

Please help me with the query if you could. Appreciate the advice.

Steffi_Warnecke
Active Contributor
‎02-15-2017 11:31 PM
0 Kudos

Hello Pavan,

I was talking about the target filter of the dynamic group itself.

You should create its SQL query in the SQL developer (looks like you are on Oracle) and if you get the correct results there, transfer it to the dynamic group target filter. That's easier IMO, because then you know which attributes you need.

Like I wrote in my last reply: Have a look at the view "idmv_vallink_basic". Select for one mskey of one of the AD groups and look at the attributes and searchvalues you get. Then go from there.

.

Regards,

Steffi.

Ckumar
Contributor
‎02-16-2017 7:26 AM
0 Kudos

Hello Pavan,

Steffi is right, please modify your SQL query and run it in SQL developer (for Oracle) first and verify that it is returning the correct results.

Please also focus on following points while writing target filter for Dynamic Group

  • I can see you are using a view of idmv_entry_sinmple with the name B but later there is no mention of B, so better omit this B from your query.
  • If you want the member of Dynamic group should be users then your query must return those users. Members get added to Dynamic group based on the Target filter output.

Regards,

C Kumar

Ask a Question