DEV Community

hediyeh kianmehr

How to create business rules?

Overview:

To ensure proper provisioning of users, we should implement a system where each user is automatically assigned a specific Managed System, such as "AD PowerShell Managed System." This rule will be added to the user's profile upon creation.


In this document we cover these topics.

1. How to create business rules in OpenIAM?

  • 1.1 How to navigate to BusinessRules

  • 1.2 Define the target parameters

  • 1.3 Define the Business Rules parameters


Prerequisites:

Before creating a business rule, make sure the Active Directory Members role exists.

If you haven’t created it yet, follow the instructions here:

https://dev.to/hediyeh_kianmehr_45f78137/role-25mh


1. How to create business rules in OpenIAM?

1.1 How to navigate to BusinessRules

  • Navigate to the Access Control section

  • Select the BusinessRules Tab


1.2 Define the target parameters

To begin, we need to define the target parameters.

  • Click on Add Target.

Name: automation (based on our setup)
Description: powershell (based on our setup)

Active checkbox: ticked
Then click on Save.

Configure the necessary fields

  • Right-click on automation (based on our setup) and select Add Action

Type: Add User to Role
Roles: AD PowerShell Managed System
Roles: Active Directory members
Then click on Save


1.3 Define the Business Rules parameters

To add Business Rules, first

  • Click on the Add Business Rules option.

Name: testforBusinessPowerShell (based on our setup)
Operation: Add (triggered only upon user creation)

Note:
This means that the rule is triggered only after the user's account has been successfully created.

Status: pending modifications

Note:
This means that when our user is created, it is not active.

Apply selected rule when conditions match: automation

Note:
When the user defines the specific target to be achieved, we link it to the automation target that was created previously.

Configure the necessary fields

  • Right-click on the column of the table where it says Type.

  • Then, click Edit

  • Choose Expression

Attribute: First Name
Operation: Is empty
Negation: enable

Note:
This ensures that the rule only applies when the First Name is not empty.

  • Then click Save

Congratulations! All this work will be connected to the Active Directory members role used by all users. It will pass through the AD PowerShell managed system, ensuring the user is created correctly.
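To check that the rule built above behaves as intended, the following added example (not from the original post and not OpenIAM code) models the rule's condition and audits a constructed user export for accounts that did not receive both roles. The CSV column names, the `ADD`/`MODIFY` operation values and the `;` role separator are assumptions made for the example.

```python
import csv
import io

# Roles the page's "Add User to Role" action assigns.
REQUIRED_ROLES = {"AD PowerShell Managed System", "Active Directory members"}

# Constructed sample export. The column names and the ";" role separator are
# assumptions made for this example, not an OpenIAM export format.
SAMPLE_EXPORT = """\
login,first_name,operation,roles
alice,Alice,ADD,AD PowerShell Managed System;Active Directory members
bob,Bob,ADD,Active Directory members
carol,,ADD,
dave,   ,ADD,AD PowerShell Managed System;Active Directory members
erin,Erin,MODIFY,
"""


def rule_matches(operation, first_name):
    """Operation = Add, Attribute = First Name, 'Is empty' with Negation on."""
    is_empty = first_name == ""
    return operation == "ADD" and not is_empty


def audit(export_text):
    """Return {login: finding} for every row of the export."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        roles = {r for r in row["roles"].split(";") if r}
        first = row["first_name"]
        if row["operation"] != "ADD":
            findings[row["login"]] = "out of scope: rule fires on Add only"
        elif not rule_matches(row["operation"], first):
            findings[row["login"]] = "not covered: empty First Name, no roles assigned"
        elif first.strip() == "":
            # Whether the product treats blanks as empty is not stated on the page.
            findings[row["login"]] = "review: whitespace-only First Name"
        elif REQUIRED_ROLES - roles:
            missing = ", ".join(sorted(REQUIRED_ROLES - roles))
            findings[row["login"]] = "missing roles: " + missing
        else:
            findings[row["login"]] = "ok"
    return findings


if __name__ == "__main__":
    for login, finding in audit(SAMPLE_EXPORT).items():
        print(f"{login}: {finding}")
```

Accounts reported as "not covered" are the ones the negated "Is empty" condition skips, so they end up without a managed system and need separate handling.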
