The scenario is this:
1. Creating and reading an application from Active Directory by a standard AD Collector, both groups and accounts
2. Configured the application for Identity Manager Synch under Fulfillment Information in Identity Governance and picked a custom-made Resource Provisioning Workflow. This custom-made workflow is designed to use the value of the resource that's going to be created in IDM by this same configuration, and submit it to another resource configured with the default group entitlement for the Active Directory Driver in IDM.
Problem: The default group entitlement policies in the Active Directory Driver are constructed by using the ID and ID2 elements, where the ID is the association of the group and ID2 is the DN of the group in Active Directory. However, the values synched from Identity Governance to the resources in IDM only have the DN of the groups in Active Directory. I can go ahead and pick up the same entitlement information that is valid for the group entitlement in the Active Directory driver by different methods, but I'm a bit curious about how this is supposed to work.
Are we supposed to deal with different types of (structural) entitlement information when integrating IG and IDM permissions? And how is the idea to utilize the Identity Manager Synchronization feature in Identity Governance implemented in Identity Manager? Or, how should it be implemented?