Currently we have to manually sync the IAM User Groups when a User Group Type “Windows domain” is configured. This can easily be forgotten and also other people are maintaining the AD-groups then people who have access to IAM within our organization.
It would be great if this sync can be scheduled so we can avoid that IAM access is needed in case an AD-group has been adjusted.
+23+23Hi
With Indicium it is possible to make use of its API. This allows you to run the Import active directory group task (import_active_directory_grp) with the required values. But...
To schedule the sync, it is probably more handy to use a System flow for this in an application built by yourself. This allows you to add even more steps if needed. The system flow should make use of the Application connector with which you can run queries on the IAM application. The SQL query needed would look something like this (the variables inside this query should be replaced by of filled with the desired values):
exec task_import_active_directory_grp @tenant_id, @usr_grp_id, @active_directory_grp_name, @active_directory_domain_name, @net_bios_domain_name, @user_name, @password The chain of process flow actions would be Start > Decision > Application connector > Stop
In the Decision node, you can get the necessary values for all task parameters and combine it into an SQL statement. Place this inside a @sql variable and connect this to the Application connector Query input parameter. As for Application alias, you can simply specify "iam”.
Would that suffice for the idea?
+23Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.