Chapter 28. Automating group membership using IdM Web UI


Automate group membership in Identity Management (IdM) using the Web UI to assign users and hosts to groups based on their attributes. Automatic group membership reduces manual administration by sorting entries into groups as they are created.

For example, you can:

  • Divide employees' user entries into groups based on the employees' manager, location, or any other attribute.
  • Divide hosts based on their class, location, or any other attribute.
  • Add all users or all hosts to a single global group.

For details about the benefits of automatic membership, see the Benefits of automatic group membership section.

28.1. Adding an automember rule using IdM Web UI

Create automember rules in the Identity Management (IdM) Web UI to automatically assign new users or hosts to groups based on their attributes. This eliminates manual group assignment and ensures consistent group membership policies.

Existing entries are not affected by the new rule. If you want to change existing entries, see Applying automember rules to existing entries using IdM Web UI.

Prerequisites

  • You are logged in to the IdM Web UI.
  • You must be a member of the admins group.
  • The target group of the new rule exists in IdM.

Procedure

  1. Click Identity → Automember, and select either User group rules or Host group rules.
  2. Click Add.
  3. In the Automember rule field, select the group to which the rule will apply. This is the target group name.
  4. Click Add to confirm.
  5. Optional: You can add conditions to the new rule using the procedure described in Adding a condition to an automember rule using IdM Web UI.

28.2. Adding a condition to an automember rule using IdM Web UI

Add conditions to automember rules in Identity Management (IdM) Web UI to automatically assign users or hosts to groups based on their attributes. This simplifies group management and ensures consistent group membership across your environment.

Prerequisites

  • You are logged in to the IdM Web UI.
  • You must be a member of the admins group.
  • The target rule exists in IdM.

Procedure

  1. Click Identity → Automember, and select either User group rules or Host group rules.
  2. Click on the rule to which you want to add a condition.
  3. In the Inclusive or Exclusive sections, click Add.
  4. In the Attribute field, select the required attribute, for example uid.
  5. In the Expression field, define a regular expression.
  6. Click Add.

    For example, a condition on the uid attribute with the expression .* targets all users with any value in their user ID (uid) attribute.

View automember rules and their conditions by using the Identity Management (IdM) Web UI to review which users or hosts are automatically added to specific groups.

Prerequisites

  • You are logged in to the IdM Web UI.
  • You must be a member of the admins group.

Procedure

  1. Click Identity → Automember, and select either User group rules or Host group rules to view the respective automember rules.
  2. Optional: Click on a rule to see the conditions for that rule in the Inclusive or Exclusive sections.

28.4. Deleting an automember rule using IdM Web UI

Delete automember rules using the Identity Management (IdM) Web UI to stop automatic group membership assignments. Removing obsolete rules ensures users and hosts are grouped according to current organizational requirements.

Deleting an automember rule also deletes all conditions associated with the rule. To remove only specific conditions from a rule, see Removing a condition from an automember rule using IdM Web UI.

Prerequisites

  • You are logged in to the IdM Web UI.
  • You must be a member of the admins group.

Procedure

  1. Click Identity → Automember, and select either User group rules or Host group rules to view the respective automember rules.
  2. Select the checkbox next to the rule you want to remove.
  3. Click Delete.
  4. Click Delete to confirm.

28.5. Removing a condition from an automember rule using IdM Web UI

Delete specific conditions from automember rules using the Identity Management (IdM) Web UI to refine automatic group membership criteria.

Prerequisites

  • You are logged in to the IdM Web UI.
  • You must be a member of the admins group.

Procedure

  1. Click Identity → Automember, and select either User group rules or Host group rules to view the respective automember rules.
  2. Click on a rule to see the conditions for that rule in the Inclusive or Exclusive sections.
  3. Select the checkbox next to the conditions you want to remove.
  4. Click Delete.
  5. Click Delete to confirm.

28.6. Applying automember rules to existing entries using IdM Web UI

Rebuild automatic membership in the IdM Web UI to apply automember rules to user and host entries that existed before the rules were created. This is necessary because automember rules only apply automatically to new entries.

When you rebuild automatic membership, IdM re-evaluates all existing automember rules and applies them either to all user or host entries, or to specific entries that you select.

Note that rebuilding automatic membership does not remove entries from groups, even if the entries no longer match the group’s inclusive conditions. To remove them manually, see the following sections:

28.6.1. Rebuilding automatic membership for all users or hosts

Recalculate and apply automember rules to all users or hosts to correct group memberships after rule changes. This bulk operation ensures all entries belong to the correct groups based on current automember conditions.

Prerequisites

  • You are logged in to the IdM Web UI.
  • You must be a member of the admins group.

Procedure

  1. Select Identity → Users or Hosts.
  2. Click Actions → Rebuild auto membership.


Recalculate and apply automember rules to a specific user or host to correct group memberships after rule changes. This ensures the entry belongs to the correct groups based on current automember conditions.

Prerequisites

  • You are logged in to the IdM Web UI.
  • You must be a member of the admins group.

Procedure

  1. Select Identity → Users or Hosts.
  2. Click on the required user or host name.
  3. Click Actions → Rebuild auto membership.


28.7. Configuring a default user group using IdM Web UI

Configure a default user group using the Identity Management (IdM) Web UI to automatically assign users that don’t match any automember rules to a fallback group. This ensures all users have at least basic group membership and associated policies.

Prerequisites

  • You are logged in to the IdM Web UI.
  • You must be a member of the admins group.
  • The target user group you want to set as default exists in IdM.

Procedure

  1. Click Identity → Automember, and select User group rules.
  2. In the Default user group field, select the group you want to set as the default user group.
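
A dry run of the rule semantics described in this chapter (inclusive and exclusive regex conditions, the default user group, and rebuilds that never remove members), as an added example that is not Red Hat's code. The rules, user entries and the `staff` default group are constructed; the example assumes search-style regex matching (an unanchored pattern matches anywhere in the value) and that exclusive conditions take precedence over inclusive ones.

```python
import re

# Constructed rules shaped like the Inclusive / Exclusive sections of an
# automember rule: target group -> lists of (attribute, regular expression).
RULES = {
    "developers": {"inclusive": [("title", r"Engineer")],      # unanchored
                   "exclusive": [("uid", r"^svc-")]},
    "emea": {"inclusive": [("l", r"^(Brno|Paris)$")], "exclusive": []},
}
DEFAULT_GROUP = "staff"  # hypothetical default user group

# Constructed user entries; attributes are multi-valued, as in LDAP.
USERS = {
    "alice": {"uid": ["alice"], "title": ["Software Engineer"], "l": ["Brno"]},
    "svc-build": {"uid": ["svc-build"], "title": ["Build Engineer"], "l": ["Paris"]},
    "bob": {"uid": ["bob"], "title": ["Sales Engineering Lead"], "l": ["Boston"]},
    "carol": {"uid": ["carol"], "title": ["Accountant"], "l": ["Boston"]},
}

def _hit(entry, conditions):
    # Assumption: search-style matching, so a pattern without ^...$ matches
    # anywhere inside the attribute value.
    return any(re.search(rx, value)
               for attr, rx in conditions for value in entry.get(attr, []))

def expected_groups(entry, rules=RULES, default=DEFAULT_GROUP):
    """Groups the rules would assign; exclusive conditions win over inclusive."""
    groups = {g for g, r in rules.items()
              if _hit(entry, r["inclusive"]) and not _hit(entry, r["exclusive"])}
    return groups or {default}  # no rule matched: fall back to the default group

def stale_memberships(entry, current, rules=RULES):
    """Rule-managed groups the entry is in but no longer matches.
    A rebuild leaves these in place, so they need manual removal."""
    return (set(current) & set(rules)) - expected_groups(entry, rules)

if __name__ == "__main__":
    for uid, entry in USERS.items():
        print(uid, sorted(expected_groups(entry)))
    # carol changed role after being placed in developers by an earlier rule run
    print("stale:", sorted(stale_memberships(USERS["carol"], {"developers", "staff"})))
```

Here `bob` lands in `developers` only because the `Engineer` pattern is unanchored, and `carol` keeps a `developers` membership that a rebuild would not remove.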

28.8. Configuring a default host group using IdM Web UI

Configure a default host group using the Identity Management (IdM) Web UI to automatically assign hosts that don’t match any automember rules to a fallback group. This ensures all hosts have at least basic group membership and associated policies.

Prerequisites

  • You are logged in to the IdM Web UI.
  • You must be a member of the admins group.
  • The target host group you want to set as default exists in IdM.

Procedure

  1. Click Identity → Automember, and select Host group rules.
  2. In the Default host group field, select the group you want to set as the default host group.