Hello,
We have the following business requirement:
In a user base of a few thousand active directory accounts, determine the group assignment logic based on user attributes and apply that logic to new users. For example, if every AD account with the department attribute = 'helpdesk' are in a RDP access group, then assign that group to every new helpdesk user.
Our first question is can Role mining do this? Is it able to look at the correlation of user attributes and entitlements? And if so, what are the values we need to pass?
Currently we have done the following:
Role mining by users (top down approach)
Select all users that are in active directory
Select Type of Access to Mine: notAvailable,
Based on: (entitlements) used by any user
Select Number of roles: Optimal
Percentage cut-off: 2
Minimum entitlements per role: 1
Minimum users per role: 2
Is this the correct approach for the business scenario we have?
When using these settings, with role number optimal, it produced only 1 role with all the groups, which is obviously not desirable. How should we approach this?
Thank you,
Lukas
