SvcBancsAPITestT.08169 (Customer) asked a question.
Group Rules alternative
We have a custom app that we want to control access via Group Membership, but need to segregate our clients from each other. I have set up a separate group for each client firm, all similarly named "client_user_abc" "client_user_xyz" where the last 3 characters are client code. This code is an attribute in the user profile.
I currently have group rules set up for If Code=xyz, then add user to Group client_user_xyz. This is not scalable when I have 100+ groups/codes to maintain.
Is there a way to do this in a single statement like Find the group containing the user.code and add the user to that Group?
Hi, this is Eusebiu from Okta Support and I will help you out.
Based on the ticket's description, that would be obtainable, however, we would end up with a group rule that would need to be maintained and updated each time because we will need to add all the group IDs to that particular group rule. We would end up also hitting a limit where the expression could be only that long by going that route.
We have these articles that may help to create a group rule using expression language:
https://developer.okta.com/docs/reference/okta-expression-language/#string-functions
https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-create-group-rules.htm
However, if to have an answer tailored to your needs, I believe the best way to approach this would be to open a ticket and explore alternatives where we could get all the details.
Thank you and have a great day!