SteveM.58178 (Customer) asked a question.
Does anyone know if there's any way to create a generic group rule which will assign a user to a group based on their user.organization attribute? This would be in lieu of creating a rule for each group/application because it won't scale past the 100 limit on group rules. I'm fine on the "if" condition with just:
!isMemberOfGroupName(user.organization)
But "Then Assign" needs an explict group name reference. I would love to be able to variable-ize it:
IF !isMemberOfGroupName(user.organization)
THEN ASSIGN user.organization
For multi-tenancy we create all our groups and applications the same and by taking advantage of the user.organization attribute, we can onboard with CSV and have users get assigned automatically to the correct group.
Thanks.
Hi @SteveM.58178 (Customer)​ , Thanks for taking the time to reach out to the Okta Community!
If I understood your desired implementation correctly, you will not be able to achieve this due to the current Group Rules feature limitations.
The Group where you want users to be added needs to be explicitly defined. It does not have a function to cross-reference a user attribute against a group name.
Assuming that the users have the organization attribute populated with a value, you would have to set up one rule per group (up to 2000 group rules supported). For example:
John Smith's organization: Sales
IF user.organization == "Sales" THEN Assign to "Sales"
Jane Doe's organization: Accounting
IF user.organization == "Accounting" THEN Assign to "Accounting"
And so on...
Hope this clarifies things!
Yeah...this is what I thought. Was just really checking. Now that you are getting ready to release Bulk User group assignment 😃, this whole discussion becomes moot.
I've been playing with the new feature today in our preview environment and it will definitely make things a lot easier. I don't have to worry about any group rules now. Thanks!