I have seen this request a few times in th forum but never found any
real good answer.

1. I don't want to synchronize the groups from AD to the IDV, groups
should be only in AD.
2. I want every group to have an equivalent resource in IDV so I can
manually (for now) create Roles of them.

From what I have read this might be possible with the Permission
Collection and Reconciliation Service in the new AD driver, documented
here: http://tinyurl.com/nff2cpx

It starts out promising to create the Resources with the line "You can
dynamically create resources with custom entitlement populated with
permission values of connected system, and permission assignments
between Identity Manager resource/entitlement model and connected
systems" but later on it seems like some .csv file has to be created.

Can someone please describe how this is supposed to work and what needs
to be done as it seems it should be possible without too much

1. what should the custom entitlement look like or is it even needed?
2. Can we only create resources from csv file?


joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=53007