Self-Register user workflow add user to Group
Hi,
I have a fairly basic Self-Register user workflow that I am playing with in OAM. I am wondering if I can somehow add a step(s) into my workflow that will add the user to be a member of a Group in OAM during registration?
If so, can this be done without an "external action" or custom code?
If anyone knows anything that can help I'd appreciate it.
Thanks,
Jackie
Here is a solution but will work only if users click on the appropriate self registration links. Also may not be very feasible in cases where self registered user need to be added to a group from large number of groups.
In the workflow step did you configure multiple targets?
You can configure multiple targets under the workflow domain you have chosen.
To self-register a user under a particular group you need to provide a self registration link to users with ObDomainName query string configured appropriately.
Eg:
Self registration Workflow domain is dc=acme, dc=com
Say you want users to be added to groups
cn=users1,dc=acme,dc=com and
cn=users2,dc=acme,dc=com.
For this create 2 Targets in 2nd step of your workflow for the two groups you want user should be added to. Now you have effectively two self registration urls,
http://host:port/identity/oblix/apps/userservcenter/bin/userservcenter.cgi?program=workflowSelfRegistration&ObWorkflowName=...<your value here>...&ObDomainName=cn=users1,dc=acme,dc=com
http://host:port/identity/oblix/apps/userservcenter/bin/userservcenter.cgi?program=workflowSelfRegistration&ObWorkflowName=...<your value here>...&ObDomainName=cn=users2,dc=acme,dc=com
Now if you can manage users to click on appropriate links then you can achieve the goal.
Similar Messages
-
Grant access to help desk users to add members to distribution and security groups
Hello,
I am trying to create a set of help desk users that has full access to add or remove members from distribution and security groups as well as update users. We want it to bypass owner approval and essentially allow this group to add or remove members
in the FIM Portal and flow it down to ADS.
This obviously works fine if one is a member of the Administrators set, but we want a second tier of power users with limitied rights compared to FIM Admins. We have added the help desk team to the Security Group Users and Group Users set as
well as MPR "Security group management: Users can read selected attributes of group resources".
The help desk users can update users in the Portal with no issue. The can search groups with no issue but when they try to add members to a group they get the error "Access Denied".
Any help is greatly appreciated.
Thanks!I'm having very similar problem - I have users with delegated right to modify group membership only. User can add someone to group and it works fine, but when the same user is trying to remove and user from a group (even if this is the same user
which was added a minute ago) he gets Access Denied:
The
request included members which the requestor is not authorized
to add and/or remove from this group."
It is caused by default MPR:
Group management workflow: Validate requestor on remove member
Question is how this activity validates this request - any insight? -
Hi,
my requirement is to add users for a role in PFCG transaction and then do the user comparison. Can any one tell whether a FM or BAPI exist to do this.
In PFCG Transaction.
enter ROLE -> press change button -> go to users tab -> Add user IDs here -> then save and press 'user comparison' button.
thank you very much for your reply
SreeHi,
could you please check BAPI_USER_PROFILES_ASSIGN. & BAPI_JOBROLE_CLONE copy it & it will creates a User Role in other system.
Thanks,
Abhijit -
Self-registered users : Auto activate and add ESS role ?
Hi all ,
we are allowing users to self-register for our ESS portal. We would like to auto-activate the users and give them the ESS role without any Admin action .
Is this possible ?
Regards
DanielHello Daniel,
please assign your ESS Role to the group "everyone".
Then the self registered(but also every other user on the portal) will have this role by default.
Assign Default Role to User
Regards
Frank -
Self-Register User Notifications
I need to send out several email notifications during a self-register user request: Request Initiated, Request Awaiting Approval, Request Approved/Rejected. It seems that OIM 11g/SOA is only setup to handle 2 out of these 4. The SOA engine can notify the approver of the pending approval. OIM can notify the end-user that the account was approved and created based on the Self-Register User Event. Unfortunately, there doesn't seem to be an OIM event or enough data passed to SOA to handle the Request Initiated or Request Rejected scenarios. I am wondering if anyone knows of a way to meet these requirements?
Thanks,
PeteHere is a solution but will work only if users click on the appropriate self registration links. Also may not be very feasible in cases where self registered user need to be added to a group from large number of groups.
In the workflow step did you configure multiple targets?
You can configure multiple targets under the workflow domain you have chosen.
To self-register a user under a particular group you need to provide a self registration link to users with ObDomainName query string configured appropriately.
Eg:
Self registration Workflow domain is dc=acme, dc=com
Say you want users to be added to groups
cn=users1,dc=acme,dc=com and
cn=users2,dc=acme,dc=com.
For this create 2 Targets in 2nd step of your workflow for the two groups you want user should be added to. Now you have effectively two self registration urls,
http://host:port/identity/oblix/apps/userservcenter/bin/userservcenter.cgi?program=workflowSelfRegistration&ObWorkflowName=...<your value here>...&ObDomainName=cn=users1,dc=acme,dc=com
http://host:port/identity/oblix/apps/userservcenter/bin/userservcenter.cgi?program=workflowSelfRegistration&ObWorkflowName=...<your value here>...&ObDomainName=cn=users2,dc=acme,dc=com
Now if you can manage users to click on appropriate links then you can achieve the goal. -
I have an email message generated via workflow that I want to send to a specific plant. In that plant I want the message to hit a workflow mailbox that a group of users will be able to access. I would also like to add and remove the users based on what access I give them when they get hired on and given SAP access. That way I can control who gets to see what is in the mailbox based on their SAP access. Any thoughts as to how this can happen?
Thanks
BruceHi Bruce,
If it's just a mail (as opposed to a work item) then you can send it to a distribution list (well, you could also do this for work items), or else most cormporate mail systems' email distribution list can be addressed via an email address. So all you do is use a good naming convention and build the email address in your WF according to plant name e.g. 'dispatch_XXXX(a)yourcompany.com' where XXXX=plant code, and maintain the distribution lists via outlook/exchange/notes.
Cheers,
Mike -
Self registering of Guest user
Hi,
I want to enable the self register option for the guest user.I can't see self-registration link on the Welcome screen.I have done the following steps.
1.Ticked self-registration for guest at UME.
2.Seted ume.logon.selfreg=TRUE in VA.
3.Assign the action "ume.selfregister_user" to the role "Everyone"
4.and finally restarted.
but still I am unable to see the link for "Self Registering".
Am I missing something?
Regards
IndranilHi Indranil,
You have missed the following two steps after server restart:
1) Configure the Standard User Role (eu_role):
a. Navigate to Content Administration --> Portal Content
b. Navigate to Portal Content --> Portal Users --> Standars Portal Users -->Standard User Role.
c. Open the Standard User Role
d. select in the "property Catagory" combo box in the property Editor frame the "User Management Permissions" option.
e. Change the following fields:
i. Manage_My_Profile --> yes
ii. Manage_My_Password --> yes
iii. Read_My_Profile -->yes
iv. Selfregister_User --> yes
f. Save the changes in the save button in the left size of the screen.
And then,
2) Assign eu_role to everyone group
- Anagha -
Where do the self registered users go
Hi ,
I am new to oracle web center. i have created a sample app no db connections just pure oracle web portal application.
This app has a defalut weblogic/weblogic1 admin user.
Apart from this i ahave also added a self registration page from the readily available security taskflow.
Now i am able to add users at runtime through this self registration page.
But since i am not using any DB am wondering where are these newly registered users and their passwords are being persisted.
can any one shed some light on this cos i cant even see the new users in Jazn xml
--Sanketok these registered users are being created in the integrated weblogic ;
but why arent we able to browse thorugh thtem trough jazn xml.
--sanket -
Hi all
I found
this post that explains the same issue I'm having, but the marked answer isn't relevant to my environment. I've built a user creation runbook, using 2012 R2 and this
Active Directory Integration Pack. Everything works properly, except I'm getting strange security log events when using the Add User to Group activity.
In one of the tests, I added a single user that was being created to about 100 different groups. Let's say one group has 50 members. When the user gets added to that group, the security audit shows that 50 users were removed from the group, and then those
50 users were added back plus my new user. It shows this activity for every group that the user was added to. I get the following two actions for every member of the group:
Member '-' was removed from 'Domain\Group' by 'Domain\User' on...
Member 'DN of Member' was added to 'Domain\Group'...
This is a problem because it makes our audit reports and notifications worthless since we'd have to read through all the noise to see an actual anomaly. I'm also concerned that if users are actually being removed and re-added to those groups, that there
could be some consequences of that that we aren't seeing yet (i.e. application access interruptions, or what if the connection to AD is lost after removing the users but before adding them back in). Although I should say I'm not convinced that the users are
actually being removed because as you can see above, no member information is recorded on the removal, and all the removals and additions have the same exact time stamp meaning they occurred within 1 second, which seems pretty fast given that some of our groups
are large.
Is this the intended behavior of the Add User to Group activity? If so, is there a workaround I can use to avoid this behavior? The next thing I'll try is using PowerShell to add the user to the group, but this option isn't ideal since the runbook will be
managed by users who are not that familiar with scripting, so I'd like the solution to contain as little as possible.
ThanksHi,
the issue of the AD IP 7.0 is reported here
http://social.technet.microsoft.com/Forums/de-DE/eef9cdda-774f-4b95-bd89-aa3f86feee9b/ad-integration-pack-add-user-to-group-activity-problem?forum=scoscip
Try the up-to-date Version 7.2
http://www.sc-orchestrator.eu/index.php/scoblog/115-updated-system-center-2012-r2-orchestrator-integration-packs-available
Regards,
Stefan
www.sc-orchestrator.eu ,
Blog sc-orchestrator.eu -
So I am following power-shell script that I see online.
I am trying to add 2 users (as a test for now) from a csv file into an AD group.
The AD group name is "IMAllow"
I created a file called AddUsersToGroup.ps1 that I am running on windows power-shell.
The file contents are below
# Add User to a Group - PowerShell Script
Import-module ActiveDirectory
Import-CSV "C:\Scripts\Users.csv" | % {
Add-ADGroupMember -Identity IMAllow -Member $_.UserName
And my file with users is called "Users.csv"
wahidta
indenga
I get the following error
Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Supply an argument
that is not null or empty and then try the command again.
At C:\Users\zzwahidta\Scripts\AddUsersToGroup.ps1:7 char:44
+ Add-ADGroupMember -Identity IMAllow -Member <<<< $_.UserName
+ CategoryInfo : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGrou
pMemberGet-Help Add-ADGroupMember or http://technet.microsoft.com/en-us/library/ee617210.aspx
$creds = Get-Credential
Add-ADGroupMember -Identity IMAllow -Member $_.UserName -Credential $creds
I hope this post has helped! -
How to add user from domain A to a group in domain B
How would you acheive adding a user from domain A to a group that is in domain B via powershell without the Quest cmdlets? I've been trying to figure this out for about a week now. Please let me know if the scripting guy has seen this issue before.
LittleTechHello jrv,
Here's what i was trying to do. The two domains im working with have a trust between them.
1. Create a user in External.Domain.Com
2. Add the user in External.Domain.Com to GroupOne in ExternalDomain2.Domain.com
3. The only knowledge that ExternalDomain2.Domain.Com would have about the account in External.Domain.Com is whatever is in the Global Catalog. Here is what im trying, but it isn't working.
#Connecting to domain PSDrive
New-PSDrive
-Name
ExternalDomain
-PSProvider
ActiveDirectory
-Root
-Server
DC01.Domain.com
cd
ExternalDomain:
#Create user
#Add to ExternalDomain Groups
$UserDN=Get-ADUser-LDAPFilter"(sAMAccountName=$UserID)"
#Connecting to domain2 PSDrive
cd
AD:
$GroupDN="CN=Wireless
Device Users,OU=Wireless,OU=Systems and Technology,DC=External,DC=Domain2,DC=Com"
Add-ADGroupMember-Identity$GroupDN-Members(Get-ADObject-Identity$UserDN.DistinguishedName
-Server"DC01.Domain.com:3268")
Connecting via port 3268 allows me to talk to the global catalog instead of LDAP.
I receive the following message: A Referral was returned from the server
I know that if i connect using [ADSI] i am able to specify that the connection follows referrals, the AD cmdlets seem to not have that function. The Quest AD cmdlets do... I just dont want to have to use third party cmdlets to do what the AD cmdlets should
be able to do in the first place.
THanks,
LittleTech -
EPM 11.1.2.1 add a MSAD user to a HSS native group via MaxL command
Hi there
I want to take over MSAD user as EPM (Essbase) user in a HSS native group via MaxL command:
This works fine as long as the user is already in at least one other group (with at least server access).
If I want to do same for a "new" user it fails.
Is there any trick to also make it work for this case?
see here:
alter user 'mynewuser' add to group 'ALL_SERVER_ACCESS_ ESS1';
ERROR - 1051012 - User mynewuser does not exist.
or even
alter user 'mynewuser@domain' add to group 'ALL_SERVER_ACCESS_ ESS1';
ERROR - 1051012 - User mynewuser@domain does not exist.
Thanks in advance!
Regards
AndreYou will probably need issue a create first for example
create or replace user 'essuser' type external;
alter user 'essuser' add to group essgroup;
or
create or replace user 'essuser@LDAPNAME' type external;
alter user 'essuser@LDAPNAME' add to group essgroup;
Cheers
John
http://john-goodwin.blogspot.com/ -
SF-300-08 SNMP setup doesn't show any Groups in Add User pulldown
I'm setting up a new SF-300-08 with SNMP.\
I have defined Groups OK.
But, when I go to Add User, the Group pulldown is grayed out and I can't add a user.What version snmp are you using? Groups for users is only available in snmp v3.
Sent from Cisco Technical Support iPad App -
Add Users from people picker field to sharepoint group
Hi,
I have created infopath form and added people picker control and then created data connection to add users to sharepoint group.
Used UserGroup webservice and "AddUserToGroup" operation. If I select single user in people picker and click submit button, web service data connection adding user to sharepoint group without any issue but it's not working for multiple users.If
I select multiple users in people picker, web service adding only first user to sharepoint groups. In our company we do not prefer custom coding.
Can anybody help me out to resolve this issue?
Any help or suggestions would be appreciated.
Thank you,
AA.You ll be able to achieve this by placing people picker in repeating table control in the form, below url may help you.
http://infopath.wordpress.com/2013/04/02/people-picker-email-addresses-repeating-tables-infopath-2010/
Sivabalan -
How to add users from person or group field in a sharepoint list to sharepoint group
Hi,
How to add users(single or multiple) from person or group field in a sharepoint list to sharepoint group programmatically?
Any suggestions would be appreciated.
Thank you,
AA.Hello,
Use SPGroup.AddUser() method to add user in group. I have just written sample code in notepad so it is not tested:
SPSecurity.RunWithElevatedPrivileges(delegate()
using(SPSite Site = new SPSite(SPContext.Current.Site.Url))
Using(SPWeb Web = Site.OpenWeb())
SPList list = web.Lists["ListName"];
SPQuery query=new SPQuery ();
query.Query = "<Where><Eq><FieldRef Name='Title' /><Value Type='Text'>Test</Value></Eq></Where>";
SPListItemCollection items = list.GetItems(query);
if(items.Count > 0)
foreach(SPListItem item in items)
//Get USers from person or group column
SPFieldUser userField = (SPFieldUser)item.Fields.GetField("Users");
SPFieldUserValueCollection userFieldValueCollection = (SPFieldUserValueCollection)userField.GetFieldValue(item["Users"].ToString());
SPGroup spGroup = spSite.RootWeb.Groups[groupName];//group name
if (users.Count != 0)
bool isUserInGroup = false;
foreach (SPFieldUserValue user in users)
foreach (SPUser item in spGroup.Users)
string itemUserName = item.LoginName;
string UserName = user.User.LoginName;
if (itemUserName == UserName)
isUserInGroup = true;
break;
if (!isUserInGroup)
spGroup.AddUser(user.User);
The above code will query list item and then get users from "Users" column. Now it will check whetehr user is already in group not, if not then add user in group.
http://rajanijilla.blogspot.sg/2012/09/add-users-to-group-programmatically.html
Hope it could help
Hemendra:Yesterday is just a memory,Tomorrow we may never see
Please remember to mark the replies as answers if they help and unmark them if they provide no help
Maybe you are looking for
-
Itunes cannot detect the CONTENT of my Iphone 5. Help?
I have installed the latest ios, itunes and microsoft software. I've even reinstalled them a few times. BUT when I connect my Iphones to itunes, the phone is detected but then an error popped out saying that itunes couldnt recognise the content of ih
-
Detall with the configuration in cluster of my system PI
Hello people We have installed PI in cluster of microsoft 2003 and one application server with this configuration, sometimes presents problem with interfaces with status http_status_not_ok and with the load of the interfaces is slow. We tested a s
-
How can I put files into the trash without login every time?
Every time I want to put items in the trash, after dragging things to the basket, I have to sign in. Why? Can I set the defaul to allow me to do so without login?
-
My GarageBand Application has simply disappeared.
My GarageBand Application has simply disappeared. I didn't uninstall it nor trash it. I've done spotlight, finder, every search I know. How can I get it back?
-
HT1366 I cannot get my macbook to restart
--When I start up, I have a gray screen with the apple icon and a spinning wheel. I am not getting to the log in screen. What can I do?