Fix Rename of AD Group Entitlement
R
Rick van den Dijssel
Merged in a post:
Assign AD groups to GUID instead of Name
René Jonkers
In provisioning we connect in the businessrules some AD groups. This assignment is based on the AD Group Name. But, when the name of an AD group changed the rule cannot find the AD group anymore. Instead of connecting to the AD Group Name it would be nice - just like Service Automation - to read the GUID instead of the name so if the name of an AD group changed the rule keeps working.
René Jonkers
Rick van den Dijssel This is exactly what I mean. What is the reason that when using the GUID of de AD-group the name of that group not changed on the Provisioning side if GUID is used? The GUID is of course the Unique Identifier so if the group is renamed on the AD-side why is this not automatically renamed on the Provisioning side? I like to see that this would be possible. Please let me know what the possibilities are.
R
Rick van den Dijssel
René Jonkers: I'll merge this feedback item with Fix Rename of "AD Group Entitlement" based on your extra information
R
Rick van den Dijssel
René Jonkers: The group name is also stored in the bussiness rule and entitlement. Otherwise we need to get live information everytime you open a business rule, the entitlement overview, action screen. This is really slow and results in a bad user experience. Currently we don't have a solution other than adding the renamed permission to the business rules again after removing the current selected one. This will result in a new group name from all newly granted entitlements but already granted entitlements will have the old name.
R
Rick van den Dijssel
René Jonkers Could you explain this with a bit more details? This because the built-in on-premises AD target system is using de GUID of a group instead the name of the group. The only thing which isn't automatically updated is the group name assigned in the rule. You need to reapply the group in the rule and then the name is changed. Besides this the old name is shown on the already granted entitlements but when revoked the correct group is unassigned from the user.