This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Managing AD group

Hi,

What is the easiest way to manage AD Group membership from the Web Portal? Should we use application Role?

I thought having "group owner" for the AD group was enough, but does not seem like it.

I created application role with the permission group "vi_4_ITSHOP_ATTESTOR" and now he is able to add/remove membership for the AD group in the Web Portal.

Except he cannot remove users from the group who has "direct membership".

Resolution?

Top Replies

carsten.paul over 7 years ago +1

Hi Ulrik

This is by design and its appropriate: only requested memberships can be handled through IT-Shop. Direct assignments can be handled by the admins using the manager tool.

A approach for an resolution…

Parents

0 carsten.paul over 7 years ago

Hi Ulrik

This is by design and its appropriate: only requested memberships can be handled through IT-Shop. Direct assignments can be handled by the admins using the manager tool.

A approach for an resolution might be the following: create requests for those groupmemberships using the according method (depending on the version of Identity Manager you are using). These methods are built for exactly that issue.

HTH
Carsten
Cancel
Up +1 Down

Cancel

Reply

0 carsten.paul over 7 years ago

Hi Ulrik

This is by design and its appropriate: only requested memberships can be handled through IT-Shop. Direct assignments can be handled by the admins using the manager tool.

A approach for an resolution might be the following: create requests for those groupmemberships using the according method (depending on the version of Identity Manager you are using). These methods are built for exactly that issue.

HTH
Carsten
Cancel
Up +1 Down

Cancel

Children

No Data