Configuring Roles in ForgeRock OpenIDM 4

Merry Christmas!

For those interested to know how to configure Roles in ForgeRock OpenIDM, here’s my Christmas gift. A video at the end of this post will walk you through the installation of both ForgeRock OpenIDM and ForgeRock OpenDJ, configure the latter as an external resource in OpenIDM, performing reconciliation to bring in users from OpenDJ to OpenIDM. That’s not it, because all of that I’ve shown you earlier as well. Then, what’s more? Here it is:

So we go on and create Roles in OpenIDM, which has Managed Assignments that in turn has Attributes associated with an external resource (ForgeRock OpenDJ). So when a Role is assigned to a user in OpenIDM, based on the value of Attribute that is attached to the Role, the user will be subscribed to a group in the OpenDJ. If it sounds confusing,please don’t waste time reading it again, instead watch the video below, it’ll all be crystal clear.


1 Comment

Comments are closed.

  1. @rajeshr Thanks for the video, its good to know how to sync between OpenDJ and OpenIDM for Roles and Users.

    We have the following use case which we are trying to make it work using OpenIDM and external OpenDJ.

    1. Sync Role to a custom ldap group (CRole) – This worked using the above mentioned dynamic assignment
    2. Sync Group to a custom ldap group (CGroup) – This also worked using the above mentioned dynamic assignment.
    3. Now we need to assign the cRole to a cGroup in OpenDJ whenever in OpenIDM we assign role to a group or vice versa.

    Can you please help us in this regard?


©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?