Recently I had to create a portal security group for director level and above employees. Our HR system feeds Active Directory a field containing each persons grade. Based on the grade it is possible to determine which users should be included in the security group. All I needed to do was add a property for grade to the user profile, populate it, and create a group with dynamic memberships based on the contents of the new property.
First, create a new property. I named mine Employee Grade. If you intend to use the property in dynamic group memberships the property must be searchable. Since I know it will be populated by a profile synchronization with Active Directory I made the property read only.
Next, select the utility Global Object Property Map and edit the User object adding the new property.
Then select the utility User Profile Manager and add the property to the User Information – Property Map.
Edit the profile source and add the property to the Property Map. This is where you associate the portal property with the Active Directory field. Now run the profile synch job to populate the new user property with the values from Active Directory. Create a new group and add a statement using the new property in the Dynamic Membership Rules.
There you have it. Your new group will be automatically kept up to date as changes are made to the data in the new property. This is very simple if you remember each step and go in the right order. Oracle WebCenter Interaction integrates profile data from other sources quite well and this is an example of using information in Active Directory.