Users may find that custom search filters in Identity Manager (IDM) for attributes like "User's Organization Name" or "User's Organization" do not return the expected results or return users from all organizations. This typically occurs when attempting to restrict a search task to a specific organizational unit using standard search screen rules.
Product: Symantec Identity Manager
Versions: 14.5 through 15.x
Certain organization-related attributes (such as those mapped to ORG_MEMBERSHIP or ORG_MEMBERSHIP_NAME) may not be eligible for standard search criteria in the User Console. Relying solely on search screen rules for organization filtering can result in "no results found" or an unrestricted search scope.
To restrict a search task to a specific organization, use Admin Role Scope Rules instead of modifying the search screen filter. Follow these steps:
1. Create a Custom Task:
   - Create a copy of the out-of-the-box View User task.
   - Name the new task (e.g., View Internal Users).
2. Configure a New Admin Role:
   - Create a new Admin Role (e.g., Internal User Administrators).
   - Assign the custom task created above to this role.
3. Define the Scope Rule:
   - Navigate to the Members tab of the new Admin Role.
   - Create a member rule for the users who should perform this task.
   - Set the Scope to: User in organization [Organization Name] (e.g., User in organization Internal Users).
4. Verification:
   - When a user assigned to this Admin Role logs into the User Console, they will see the custom task.
   - Executing the task will automatically restrict the results to the defined organizational scope.
For detailed information on configuring scope rules, refer to the Identity Manager 15 Documentation: Scope Rules.