Feature #2672
openRole with account mapping will not cause account existence
0%
Description
In my case I want to have a role with account mapping for two or more different systems. The role maps a multivalued attribute and adds a value to the list of values. I'd love to have a possibility to have some settings "do not assign an account" that says:
"if the user has only roles with this setting on for this system, the account should not exist."
E.g. I have one system managed via 2 "Systems" in IDM (different branches, user schemas, need of more accounts on one system for a user...) and I want to have only one set of roles in IDM. If I had two different roles the user would need to decide which one to choose in role request based on what IDM System manages his/her account. If I had a separate role for each system and I would need to use the role in some business role I would need to duplicate, triplicate or quadruplicate the business role too.
No data to display