ScottF.86572 (Customer) asked a question.
Is it possible to automatically assign an app to a user based on whether the user has another app already assigned?
I have App1 and App2. I want to automatically assign App2 to a user if they have App1 assigned, and I want to do this on an ongoing basis. My thought was to create a group assigning App2, with an Okta Expression checking whether they are a member of App1, but the expression I came up with doesn't seem to do the trick:
String.stringContains(app1.userName,user.login)
returns the message "Unsupported expression constructs are used in expression String.stringContains(app1.userName,user.login)".
I have verified both that "app1" is the correct name, and "userName" is the correct attribute name. What am I missing?
Hi Scott,
The simplest approach to this would be to use the same group to assign access to both apps.
Another simple option would be to use group rules. https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-about-group-rules.htm
You can create a rule that says if user is a member of group "abc" then add them to group "xyz".
Hi Rus,
Unfortunately neither option will work for my use case. In my particular case, a user is expected to request App1 via self-service, but then will also need App2 assigned in order for App1 to work. Hence why I need to verify membership of App1 with a rule.
Hi Scott,
Have you made sure app name is in the required format as mentioned in this screenshot :
Another approach can be to setup a scheduled job which uses APIs and checks if a users is assigned to App1 and then assigns it to App2 .
Is there a reason why you do not want to enable Self Service for both apps?
Hi Priti,
Unfortunately I cannot see that screenshot. My app format is as referenced in my OP.
I considered a scheduled job, but would prefer a user receive access to both apps instantly so as to reduce confusion.
I would love to enable self service for the second app, but I cannot. It has a provisioning component, and Okta will not allow self service (with no approval process) of an app with a provisioning component. Hence the need for a workaround.