CloudAccess Dynamic Groups


One undocumented feature of CloudAccess is support for dynamic groups in policy management. This gives the administrator the ability to map policies to essentially any LDAP query. In this example, we will configure a dynamic group and use it to restrict an AppMark to employees located in India.

Creating the dynamic group



Creating dynamic group objects in eDirectory is fairly straightforward. Log into iManager and use the group menu to create a new group. Make sure to use a context in which you are authorized to create and modify objects. One way to do this is to create a new context for CloudAccess groups and give the CloudAccess administrator ownership of the group. Enable the dynamic group option and disable all other options in the group creation dialog.

Once the group is created, modify it to include your search filter. After you apply the settings, you should be able to see the members of the group.

Dynamic Group Configuration
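Because the search filter alone decides who receives the policy, it is worth previewing what a query matches before mapping anything to the group. The following is an added example, not part of the original article or of CloudAccess: it parses a search in the `ldap:///base??scope?filter` URL form that eDirectory dynamic groups store in `memberQueryURL` and evaluates it against a constructed sample directory. The base DN `ou=users,o=data`, the `co` filter and all entries are assumptions chosen for illustration.

```python
from urllib.parse import unquote

def parse_member_query(url):
    """Split ldap:///base?attrs?scope?filter (RFC 4516) into (base, scope, filter)."""
    if not url.lower().startswith("ldap:///"):
        raise ValueError("expected ldap:///<base>??<scope>?<filter>")
    parts = [unquote(p) for p in url[8:].split("?")] + [""] * 3
    return parts[0], parts[2] or "base", parts[3] or "(objectClass=*)"

def parse_filter(f, i=0):
    """Parse one parenthesised item (&, |, ! or attr=value) starting at f[i]."""
    i += 1  # step over "("
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse_filter(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over ")"
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "=":  # equality, or presence when the value is "*"
        values = [v.lower() for v in entry.get(node[1], [])]
        return bool(values) if node[2] == "*" else node[2] in values
    results = [matches(k, entry) for k in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def in_scope(dn, base, scope):
    dn, base = dn.lower(), base.lower()  # naive: no escaped commas in DNs
    if dn == base or scope == "base":
        return dn == base and scope != "one"
    return dn.endswith("," + base) and (scope == "sub" or "," not in dn[: -len(base) - 1])

def preview_members(url, directory):
    base, scope, flt = parse_member_query(url)
    tree, _ = parse_filter(flt)
    return sorted(dn for dn, attrs in directory.items() if in_scope(dn, base, scope)
                  and matches(tree, {k.lower(): v for k, v in attrs.items()}))

# Constructed sample directory (not real data).
DIRECTORY = {
    "cn=asha,ou=users,o=data": {"objectClass": ["inetOrgPerson"], "co": ["India"]},
    "cn=bob,ou=users,o=data": {"objectClass": ["inetOrgPerson"], "co": ["Canada"]},
    "cn=svc-sync,ou=users,o=data": {"objectClass": ["applicationProcess"], "co": ["India"]},
    "cn=ravi,ou=contractors,o=data": {"objectClass": ["inetOrgPerson"], "co": ["India"]},
}
```

With this sample data, a bare `(co=India)` filter also pulls in the `svc-sync` service object, while `(&(objectClass=inetOrgPerson)(co=India))` limits the group to people.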


Note for Active Directory - While AD does not inherently support dynamic security groups, it is possible to achieve a similar effect through the dsquery and dsmod commands. More information on this can be found at http://social.technet.microsoft.com/Forums/windowsserver/en-US/ea39e821-50ba-494e-b608-df879a0e28ca/access-permission-ad-sites-level?forum=winserverDS.

Mapping the policy



Aside from possibly adding a new search context, the policy mapping should work just as it would with static groups. In our example, we took the India Payroll AppMark and unchecked the public option. After applying the change, we mapped the AppMark to the newly created dynamic group. After this, the AppMark will only be visible to employees located in India.

CloudAccess will query this group for changes every minute, so changes in the group will quickly be reflected in the policy.

Mapping the India Payroll AppMark to the "co-India" Dynamic Group


 

Viewing the Configured Policy Mapping


 
Last update:
‎2014-03-14 18:45