I am using an IPS to read users from our corporate user directory (LDAP) and create or update them in our IAS as needed. The user creation is working fine and I've got the read from our LDAP source being filtered to only provide users which belong to specific groups. What I've been unable to do is have the IPS job add the users to specified groups in the IAS.
I'm only reading user attributes from LDAP as I don't want to create groups in the IAS only map users into groups already existing in the IAS.
For example. the users I'm reading from LDAP belong to group "ABC123", I'm mapping those users to a group in the IAS (e.g. TargetIASGroup), this is in the source system transformation:
{
"condition": "$.ldap.attribute.user.groups =~ /.*ABC123.*/",
"constant": "TargetIASGroup",
"targetPath": "$.groups[0].value"
},
Then in the target system transformation I map the group to the target field
{
"sourcePath": "$.groups",
"preserveArrayWithSingleElement": true,
"optional": true,
"targetPath": "$['urn:ietf:params:scim:schemas:core:2.0:User'].groups.[?(@.value)]"
}
User records are created, but not Group Assignment for the users.
What am I missing?
Thanks, Brian.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.