Group Lookup in IAM

  1. Go to iam.bethel.edu
  2. Click Application > User Account Lookup
  3. Type the name of the group in the search box and click the appropriate result
  4. Under the Profile tab, there are many attributes listed. Here are some common ones that may be helpful to reference
    - buDepartmentCode - This is the assigned department code (i.e. everyone in this department with automatically get the group, in coordination with buRoleConstraints)
    - buDeptConstraints - This is the departments that members are allowed to request the group (in coordination with buRequestableGroup & buRoleConstraints)
    - member - This list members (usernames) of the group with their full eDirectory context
    - owner - This lists who approves new members of the group if it is requestable
    buRoleConstraints - What roles will automatically be members of the group (in combination with buDepartmentCode) or what roles can request the group (in coordination with buDeptConstraints and buRequestableGroup)
    - buRequestableGroup - If present, the group is requestable. NOTE: If all members drop out of the owners group, this will be removed and the group will no longer be requestable. Systems will need to add it back
    - buAccountLog - A log of certain activities of this group


Note for shared mailbox lookup: There will be both a MailboxAccess - group, along with the actual mailbox user. You will want to look at the MailboxAccess group.

Example: Nursing - Employees

Anyone with the NURS department code (buDepartmentCode) & STAFF, FACULTY, SPONSORED-STAFF, SPONSORED-FACULTY (buRoleConstraints) will automatically be members in the group

Anyone with STAFF, FACULTY, SPONSORED-STAFF, SPONSORED-FACULTY (buRoleConstraints) in any department (as there is no buDeptConstraints) can request the group and HR - Approvers can approve access (owner)