How to assign organization to user identities added through bulk import in Identity Cloud

Suriya · March 19, 2024, 12:03pm

Hello everyone,

I got a use case where we need to import user identities through “.csv” bulk import in ForgeRock Identity cloud and assign users the organization while doing so. I don’t know how to automatically assign users to the organization. I require suggestion from you guys how to achieve this.

stephane.orluc · March 19, 2024, 3:12pm

Hi @Suriya
To do that, I think I’ll extend the user schema to store the name of the Org of the user and then using an OnCreate event script I would use this Org name value to link the user to the Org Object.
Cheers,
Steph.

Suriya · March 19, 2024, 3:16pm

Hi @stephane.orluc ,

Thank you so much for response… if possible can you provide me a sample script to do this operation. Since I am new to this scripting it would be great helpful. Thanks in advance

stephane.orluc · March 19, 2024, 4:05pm

If you’re using IDM, browse to Managed objects definition and select the tab “script”, on this page select OnCreate event and enter a script similar to this:

var orgID = object.orgID
var patchedUser = openidm.patch("managed/alpha_user/" + object.username, null, [{
        "operation":"add",
        "field":"/memberOfOrg/-",
        "value":{"_ref":"managed/alpha_organization/"+orgID+"","_refProperties":{}}
}]);

orgID is the user attribut where you store the org ID. You may have to modify a little bit the script, I didn’t tested it.
You can find more information on these pages: Script triggers defined in the managed object configuration :: ForgeRock Identity Cloud Docs & Functions available in identity-related scripts :: ForgeRock Identity Cloud Docs

Suriya · March 20, 2024, 1:00pm

Hi @stephane.orluc ,

I have tried the script suggested by you along with links to refer…even though I tried some modifications like you suggested, still its failing. I have spent my entire time till now and couldn’t implement it.
I kindly request if possible, can you provide me the tested script. I am also working and will update if I found some solution. Anyone who can up with same use case can provide ur suggestion also it is appreciated.
Thanks for ur effort.

Suriya · March 21, 2024, 9:39am

Hi @stephane.orluc ,
It seems like ForgeRock doesn’t allow to set value to organization object since I am new to IDM product and I am not sure is that true/not, could you please provide me the solution. It would do great help. Thanks in advance.

stephane.orluc · March 25, 2024, 11:42am

hi @Suriya,
Below a step by step how to:

choose an attribute to store the Org Name. This attribut must be of type String. In my example I choose frUnindexedString2 attribute.
on alpha_user object, Add an inline script for postCreate event.

var orgname = object.frUnindexedString2;
var org = openidm.query("managed/alpha_organization", 
              { "_queryFilter": "name sw \""+orgname+"\""}, 
              ["_id"]);
var patchedUser = openidm.patch("managed/alpha_user/" + object._id, null, [{
        "operation":"add",
        "field":"/memberOfOrg/-",
        "value":{"_ref":"managed/alpha_organization/"+org.result[0]._id+"","_refProperties":{}}
}]);

now when you import the user, store in the attribute frUnindexedString2 the name of the org you want to link the user to.
Et voila!

Suriya · March 25, 2024, 12:08pm

Hi @stephane.orluc ,
Thank you so much, this helped me a lot!