Adaxes

Adaxes force user to enter ticket number before adding or removing member from group

0 votes

Hello,

A year ago, in a previous ticket, I inquired about the possibility of mandating that Adaxes users enter a ticket number before adding a member to a group. At that time, it was feasible to add one group at a time but not multiple groups. I would like to confirm if this limitation still exists.

Additionally, I am curious if implementing this requirement would affect the automatic business rules that facilitate the addition/removal of members from groups.

Regards, Fabian

by (380 points)
0

Hello Fabian,

Please, describe the configuration you have in all the possible details with live examples and screenshots. You can post the details here or send to us at support@adaxes.com.

by (289k points)
0

I have business rules that automatically add users to groups upon user creation and remove users when the deprovision command is executed. image.png

by (380 points)
0

Hello Fabian,

Sorry for the confusion, but this does not describe anything about the process of adding a ticket number when modifying membership of a group. Business rule only trigger before or after an operation and perform the corresponding actions. They cannot request a user input.

by (289k points)
0

I do not have it configured. I would only like to know if it is possible.

by (380 points)

1 Answer

+1 vote
by (289k points)
selected by
Best answer

Hello Fabian,

Thank you for clarifying. It is possible using a custom command and two parameters. One parameter will be used to enter the ticket number, the other will be used to select the groups. In case of selecting multiple groups, a PowerShell script will be required for membership update. At the same time, there will be only a single ticket number for all the groups. In the logs, you will be able to see the ticket number as parameter value for the custom command execution.

0

If we want to set this up, I would need to revoke the write member property on all groups for all users. Am I right? They can still only add users to groups using the custom commands in groups where they have the appropriate permissions, correct?

image.png

by (380 points)
0

Hello Fabian,

Yes, that is correct. They will only need the permissions to execute the custom command on the corresponding user accounts.

by (289k points)
0

Can I also control with the custom command which groups users are permitted to add members to? Or will they be able to add members on all groups they can see?

by (380 points)
0

Hello Fabian,

There are two points here as groups will be selected in a parameter:

  • You can configure the parameter settings to only display groups that match certain criteria.
  • No matter of the criteria configured for the parameter, users will only be able to see the groups they are allowed to see by Adaxes security roles.
by (289k points)
0

and for adding devices to groups they can use the same button?

by (380 points)
0

Hello Fabian,

If you mean computer objects, it will not work. A custom command can only be configured for a specific object type. As such, you will need a separate custom command for each object type.

by (289k points)
0

Okey and for the revocation of groups I also would need a separate custom command for users and devices?

by (380 points)
0

Hello Fabian,

Yes, that is correct.

by (289k points)

Related questions

0 votes
1 answer
Business rule to adjust a custom property on user upon adding or removing that user from a group.

Hello, I am attempting to configure a business rule that adjusts an adaxes custom property of a user, upon that user being added/removed from a group. I cannot seem to ... (like username, office, description, email, etc.) but not so much on custom attributes.

asked Jul 14, 2023 by NKB#2772 (70 points)
0 votes
1 answer
Powershell: Removing a user from one group and adding to another via Scheduled Task

I have a scheduled task that runs a Powershell script against an AD group, "Group 1". I need to get all of the members of Group 1, and add them to Group 2. The ... identity in the error message start with 'user;'? What is the correct way to accomplish this?

asked Aug 27, 2019 by ngb (290 points)
0 votes
1 answer
Prompt the user to insert a ticket number before a move/delete operation

Hello, I would like to ensure that before a computer object is moved in Adaxes, the user must enter a ticket number, and after the input, the PC is moved to ... prompts the user to enter a ticket number before the move/delete operation? Kind regards, Fabian

asked Mar 20 by fabian.p (380 points)
0 votes
1 answer
Before adding group member, ask for input

Hi team, I would like to add an action of having an input of Helpdesk Users, before adding someone to a group. I tried to create business rule, running "before ... very helpful: https://www.adaxes.com/questions/877/custom-scripts-user-input-at-running-time

asked May 17 by wintec01 (1.5k points)
0 votes
1 answer
I need send a approval before or after user is add to a group.

I need a specific user, when requesting another user to join a group, to have an approval sent to the AD management team. I tried to create a "Business Rule", but I'm getting an "Access Denied" error. Any idea what this could be?

asked Aug 20 by fgmello (40 points)
3,548 questions
3,238 answers
8,232 comments
547,813 users