Hello,
we want to collect owners of AD groups from AD Group object attribute “Managed-By”. This attribute is however single valued, i.e. only one value can be inserted into this attribute. Some AD groups have more than one owner defined. To overcome this limitation, our AD team suggested that they can add a security group to the “Managed-By” field, members of this security group would then act as group owners and access request approvers.
The question is, does IGL v7.0.2 (or any newer one) has an ability to collect members of the security group set in the Managed-By field so that they can be set as access request approvers in the approval workflow?
Can anyone advise please?
Thanks much!
Marketa
Hi,
hmmm. The value can be collected. Let's place that in a STRING attribute. You then need to do some legwork in the e.g. approval workflows by looking at the string attribute and looking up the securitygroup and its members using SQL. stuff those multiple members in a workflow variable and use that in the email and approvers.
Frank