Application entitlement (AD group) inherited by all AD Accounts

Hello,

In our environment we have multiple applications with application entitlements which are AD groups. 

We have one primary user identity. Users are able to request additional AD accounts through the web portal, but each from a different domain, not from the same one.

When a user has multiple AD accounts assigned and requests an application entitlement, the entitlement is assigned to (inherited by) all AD accounts.

Example:

The identity has AD account XX and AD account ZZ.

We have an application entitlement which is an AD group from AD domain XX.

The user identity gets assigned this application entitlement and it is inherited by AD account XX but also by AD account ZZ.

Is it possible to somehow control that only the correct AD account gets the entitlement?

Thank you!

  • Before this post was approved I solved it with categorisation: I assigned each domain its own category position for accounts and groups. I also modified the account definition so that it adds the correct category to the accounts, and assigned the category to all AD groups we are using in the IT Shop. It works now as expected, BUT if someone adds a new application entitlement with a new AD group, they will need to remember to also add the group category. I'd be happy if there is a less hardcoded solution.
