Forum Discussion
Dynamic group membership rules with application assignment
1. I have a dynamic user group (Microsoft365) (CRM users) --- originating from random AD OUs or departments. where group name should be "CRM users.
2. I have CRM application name "CRM"
3. I want to populate the Dynamic group with all staff using this "CRM"
the first step i have done;
- I created a rule based on department (user.department -contains "Medical") and (user.accountEnabled -eq True) this works, but only for that department
- Now I want to assign users this application, then add them to dynamic group.
So that all users of CRM, automatically belong to "CRM users group".
___>>> (user.objectId -ne NULL) and (user.accountEnabled -eq True) and (applications.applicationId -eq "38bb468d-88ef-46d4-ad2d-8d57c1903964") ,,,, this is not working.
4 Replies
Never seen the application attribute being used, are you sure it's supported? Afaik only the attributes listed in this article are supported: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
VasilMichev how can I construct rule that can allow application users to be members of the same group. For example; accounting users, sales users, marketing users, IT users (not everyone in these departments use the app but some of them use the app), I want to create for them a dynamic group.
any guide?
- It's not natively possible. You could write a script which does this through the graph api
your assistance will be highly appreciated on this.
