One of the most exciting features of Workspace ONE, a.k.a. Identity Manager, is smart groups.
Smart groups are not AD groups; they are groups internal to Identity Manager that we create based on AD attributes and use for entitlements.
Let's take an example: I have a large Active Directory, and my new application should be available only to people in the US. I may not want to create a new user group in AD, because my AD administrator would have to do that work again for every such requirement.
Many other requirements can come up too, for example when my company has bought another company and I want an application to be available only to employees from that new company, but with my company's account.
This is where attributes play their part, so we have to make sure we properly map AD attributes to the respective vIDM attributes.
Let's take one scenario:
Create a smart group for US citizens only
First we have to adjust the vIDM attributes for the example above: we need to make sure we have an attribute called Country and that it is mapped to the corresponding attribute in AD, which is "c".
Go to the administration portal > Identity & Access Management > Setup > User Attributes
and add a new attribute called Country.
Now we need to map this attribute to the attribute in AD; generally the attribute called c holds this entry in AD. To map them, we go to the directory sync settings.
Go to Identity & Access Management > click your directory name (vclass.local in our case) > Sync Settings > Mapped Attributes. There we map the newly created attribute to the AD attribute.
The attribute mapping is now done, and we can use this attribute to create smart groups.
We will create a smart group for people in the US only, which means we will pick only people who have US as the value of their Country attribute.
Go to Users & Groups > click Groups > click Add Group to open the group creation wizard.
Give it a name (US team) and click Next.
Here we can add users from Active Directory if we do not have an AD group and want to add a few users to make a local vIDM group. Leave it blank and click Next.
Now we will create a rule that checks only for people who have US as their Country attribute.
Create a rule where Country matches US and it will pick up all such users automatically. We can use any AD attribute in the same way, and we can also exclude any user from this smart group.
Finally, click Create Group to create the smart group. This smart group can be used to entitle any vIDM application.
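A dry run of the rule built above, as an added example that is not part of the original post or of vIDM itself: it maps the AD attribute c to Country, applies "Country matches US" with one exclusion, and lists the users whose value would miss the rule. The user records and function names are constructed for illustration, and treating the match as an exact string comparison is an assumption.

```python
# Dry run of the "Country matches US" smart group rule on constructed sample data.

# AD attribute -> vIDM attribute, as set under Sync Settings > Mapped Attributes.
ATTRIBUTE_MAP = {"c": "Country"}

# Constructed AD entries (not real directory output).
SAMPLE_AD_USERS = [
    {"sAMAccountName": "alice", "c": "US"},
    {"sAMAccountName": "bob", "c": "IN"},
    {"sAMAccountName": "carol", "c": "us"},      # wrong case
    {"sAMAccountName": "dave", "c": " US "},     # stray whitespace
    {"sAMAccountName": "erin"},                  # attribute never populated
    {"sAMAccountName": "frank", "c": "US"},
]


def sync_user(ad_entry):
    """Translate an AD entry into vIDM attributes using ATTRIBUTE_MAP."""
    user = {"userName": ad_entry["sAMAccountName"]}
    for ad_attr, vidm_attr in ATTRIBUTE_MAP.items():
        user[vidm_attr] = ad_entry.get(ad_attr)
    return user


def preview_smart_group(ad_entries, attribute, value, excluded=()):
    """Return (members, near_misses, unset) for the rule 'attribute matches value'.

    Assumption: the rule is modelled as an exact string comparison.
    near_misses equal the target only after trimming and case-folding,
    so those accounts need their value corrected in AD.
    """
    members, near_misses, unset = [], [], []
    for entry in ad_entries:
        user = sync_user(entry)
        name, actual = user["userName"], user.get(attribute)
        if name in excluded:
            continue  # explicit exclusion wins over the rule
        if actual is None or actual.strip() == "":
            unset.append(name)
        elif actual == value:
            members.append(name)
        elif actual.strip().casefold() == value.casefold():
            near_misses.append(name)
    return members, near_misses, unset


if __name__ == "__main__":
    print(preview_smart_group(SAMPLE_AD_USERS, "Country", "US", excluded={"frank"}))
```

Since the entitlement follows the attribute value, accounts reported as near misses or as having no Country value are the ones to review in AD before relying on the group.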