We have IDM 4.0.2 on windows. We have the below scenario and it would be
great if you could help on this.

We have a web service interface that is used to create users in the
target applications and assign roles (SAP). The target applications like
app001, app002, ... app300.
we are using SOAP driver and we are able to create/modify user, it works

Each application has same 100 roles (like role1, role2, role 3). The
roles (names) are same in all the applicaiton. Bur the soap interface
differentiats them with prefixing application name in front of the role.
So that the soap interface can identity the role uniquely to assign it
on the target applicaiton.

Ex: app001, the roles are: app001:role1, app001:role2, etc.
app002, the roles are: app002:role1, app002:role2, etc.

So, we has asked to create 100 roles in IDM and on the workflow request
form the user will select the no.of application and the role he wants.
When assigning the role, it has to dynamically add prefix for each
system and send the request to soap.

Is it possible, when assigning 1 role, we can populate multiple
entitlement ref attribute values based on the users seleted

Like: On a workflow req form:

Select a role:

Select systems:

On submit, idm has to assign Role1 but it has to set 3 different
entitlment values. is this possible? app001:Role1, app002:ROle2,

Or Do we need to create 100 (target system roles) * no. of application
roles in IDM?


nvldk's Profile: https://forums.netiq.com/member.php?userid=8443
View this thread: https://forums.netiq.com/showthread.php?t=52246