Groups › Create a Dynamic Group

Create a Dynamic Group

You can create a dynamic group by defining an LDAP filter query using the Identity Manager User Console to dynamically determine group membership at runtime without having to search and add users individually.

For example, if you wanted to generate a group that lists all U.S. employees of NeteAuto, you could define an LDAP search filter similar to the following in the Dynamic Group Query field of the Identity Manager User Console:

ldap:///cn=Employees,o=NeteAuto,c=US??sub

You could also modify this query to locate employees outside the United States.

Static, Dynamic, and Nested Groups Example shows an example of a group created by static, dynamic, and nested groups.

Note: You include Dynamic Group Query field in the task by editing the associated profile screen. It is not included by default in the Create Group task.

To create a dynamic group:

1. In the Identity Manager User Console, select Groups, Create Group.
2. Choose to create a new group or a copy of a group and click OK.
3. On the Profile tab, enter a group name, group organization, description, and group administrator name.

   Use the Validate button to check these fields were used correctly.

   Note: The Validate button does not check the content of the Dynamic Group Query field.

4. Enter an LDAP search filter like the following example in the Dynamic Group Query field:

   ldap:///cn=Employees,o=NeteAuto,c=US??sub?

5. Click Submit.

Note: Only an administrator with the Modify Group task can change a group's dynamic membership.