Hi, we have IDM 4.0.2 on Windows.

As per our requirement, we manage AD groups as roles in IDM. We do not
manage them as groups, so we don't have sync on group objects.

Example: if there are 100 groups in AD, we have created 100 roles,
resources with group values, associations and an entitlement mapping table.

So, when a role is assigned to a user, the Roles and Resource driver assigns
the resource with the group value, and the AD driver picks up the entitlement
value, gets the actual AD group from the mapping table and assigns the group in

This is working fine.

But if a few groups are created in AD in the future, e.g. 5 new
groups created in AD today, we have to import them into IDM as
roles and resources and update the mapping table. As of now, we are doing it

Can this be done through an IDM workflow, where the user enters the
name of the role and the group DN in AD? The workflow should then create the Role,
Resource and Association and update the entitlement mapping table.

Please help. Also let us know what the best approach is for
our scenario.

Thanks in advance.
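The mapping-table maintenance step described in the post (entitlement value on one side, AD group DN on the other, resolved by the AD driver at assignment time) is the part of the procedure that is easiest to get wrong when it is fed from a workflow form, because the DN a requester types ends up in a table the driver trusts. The following is an added example, not code from the original post or from NetIQ: it parses a mapping table in the XML layout Designer uses for mapping-table resources (`<mapping-table>` with `<col-def>` and `<row>`/`<col>` children, which is assumed here from memory), resolves an entitlement value to a group DN case-insensitively as a `nocase` column lookup would, and appends new rows only after validating that the DN is well-formed, sits in the expected group container and is not already mapped. The column names `entitlement` and `groupdn`, the allowed container `OU=Groups,DC=example,DC=com` and the sample rows are all constructed for the example.

```python
"""Offline maintenance of an IDM-style entitlement mapping table (added example).

Assumed XML layout (as Designer stores mapping-table resources):
  <mapping-table>
    <col-def name="..." type="nocase"/>...
    <row><col>value</col>...</row>...
  </mapping-table>
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample table: two existing role/group mappings.
SAMPLE_TABLE = """<mapping-table>
  <col-def name="entitlement" type="nocase"/>
  <col-def name="groupdn" type="nocase"/>
  <row><col>Finance</col><col>CN=Finance,OU=Groups,DC=example,DC=com</col></row>
  <row><col>HR</col><col>CN=HR,OU=Groups,DC=example,DC=com</col></row>
</mapping-table>
"""

KEY_COL = "entitlement"   # assumed column holding the entitlement value
VALUE_COL = "groupdn"     # assumed column holding the AD group DN
# Assumed policy: only groups directly under this container may be mapped.
ALLOWED_GROUP_SUFFIX = "OU=Groups,DC=example,DC=com"

# One RDN of the simple form CN=..., OU=... or DC=... (no escaped separators).
_RDN_RE = re.compile(r'^(?:CN|OU|DC)=[^,=+\\"<>;]+$', re.IGNORECASE)


def normalize_dn(dn):
    """Trim whitespace around RDNs and lower-case; used for comparisons only."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def is_valid_group_dn(dn):
    """Well-formed DN, leaf RDN is a CN, parent is exactly the allowed container."""
    parts = [p.strip() for p in dn.split(",")]
    if len(parts) < 2 or not all(_RDN_RE.match(p) for p in parts):
        return False
    if not parts[0].upper().startswith("CN="):
        return False
    return normalize_dn(",".join(parts[1:])) == normalize_dn(ALLOWED_GROUP_SUFFIX)


def load_table(xml_text):
    """Return (column names, rows as dicts) from mapping-table XML."""
    root = ET.fromstring(xml_text)
    if root.tag != "mapping-table":
        raise ValueError("not a mapping-table document")
    columns = [c.get("name") for c in root.findall("col-def")]
    rows = []
    for r in root.findall("row"):
        cells = [(c.text or "").strip() for c in r.findall("col")]
        if len(cells) != len(columns):
            raise ValueError("row has %d cells, expected %d" % (len(cells), len(columns)))
        rows.append(dict(zip(columns, cells)))
    return columns, rows


def lookup(rows, key_col, key, value_col):
    """Case-insensitive lookup, matching the behaviour of a 'nocase' column."""
    for row in rows:
        if row[key_col].lower() == key.lower():
            return row[value_col]
    return None


def validate_mapping(rows, entitlement, group_dn):
    """Return None if the new row is acceptable, else a reason string."""
    entitlement, group_dn = entitlement.strip(), group_dn.strip()
    if not entitlement:
        return "empty entitlement value"
    if not is_valid_group_dn(group_dn):
        return "group DN rejected: %s" % group_dn
    if lookup(rows, KEY_COL, entitlement, VALUE_COL) is not None:
        return "entitlement already mapped: %s" % entitlement
    if any(normalize_dn(r[VALUE_COL]) == normalize_dn(group_dn) for r in rows):
        return "group already mapped: %s" % group_dn
    return None


def add_mapping(rows, entitlement, group_dn):
    """Append a validated row in place; raise ValueError otherwise."""
    reason = validate_mapping(rows, entitlement, group_dn)
    if reason:
        raise ValueError(reason)
    rows.append({KEY_COL: entitlement.strip(), VALUE_COL: group_dn.strip()})
    return rows


def dump_table(columns, rows):
    """Serialize back to the same XML layout for writing to the resource object."""
    root = ET.Element("mapping-table")
    for name in columns:
        ET.SubElement(root, "col-def", name=name, type="nocase")
    for row in rows:
        r = ET.SubElement(root, "row")
        for name in columns:
            ET.SubElement(r, "col").text = row[name]
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    cols, table = load_table(SAMPLE_TABLE)
    print(lookup(table, KEY_COL, "finance", VALUE_COL))
    add_mapping(table, "Payroll", "CN=Payroll,OU=Groups,DC=example,DC=com")
    print(validate_mapping(table, "Admins", "CN=Domain Admins,CN=Users,DC=example,DC=com"))
    print(dump_table(cols, table))
```

The container check is the point of the example: a workflow that accepts a free-form DN and writes it straight into the table would let a requester map a role onto any group the AD driver can manage, so constrain the DN to the container the roles are meant to cover (or look the group up in AD and compare its DN) before the row is written. The parser here only handles simple RDNs without escaped commas, which is enough for groups created under one OU; the XML is assumed to come from the Designer-authored resource, so the standard `xml.etree` parser is used, and untrusted XML should go through `defusedxml` instead.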


