Create user in target system only during access provisioning

This topic has 1 reply, 2 voices, and was last updated 2 months, 3 weeks ago by Andrew Potter.

  • Author
    Posts
  • #28596
     akumar101
    Participant

    Hello experts,

    We’ve a SCIM based target system, where we’ve licensing restrictions on total number of user objects.

    I’m thinking that user need to provision to target system only during the event of when any access is given to the user in IDM (relationship to a role/custom managed object or implementing a custom multi-valued string array type on user object).

    I’ve implemented similar use case with other IDM solution. However, not sure what are the options with ForgeRock IDM tool? (‘Assignments’ do allow us to provision attributes based on a condition. However, in this case, we need to provision the user itself based on a condition (access to a resource)).

    Any pointer is greatly appreciated.

    Thanks,
    A

    #28603
     Andrew Potter
    Participant

    Typically you might use the ‘sourceCondition’ filter in a mapping for this.
    See: https://backstage.forgerock.com/docs/idm/7.1/synchronization-guide/filtering-source-and-target.html#filtering-source-and-target

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?