I am probably getting confused by IDM'isms versus Role Based
Entitlement'isms which are basically LDAP Dynamic groups...
I want an RBE that applies when a user is made the member of a specific
I see how I would do an RBE for all objects of, say, an object class
I see how I would do an RBE for all users where acmeGiveMeEmail=true is set.
What I want to do is if a user is placed in the group acmeMeWannaEmail
in, say, AD, it syncs to the vault, syncs to the next tree, to make them
appear in the entitlement.
I could convert the Group membership change to acmeGiveMeEmail=true in
IDM policy pretty easily. But it seems like a backwards approach.
Ought to be an easy way to do it directly.
Group Membership is equal to cn=AcmeMeWannaEmail,ou=groups,ou=ou,o=o
You know the obvious stuff. I must be missing something really obvious
as this should be really easy and common to do.