Trying for some extra automation here...
I can map a role based on an LDAP attribute eg
if DepartmentName = Accounts then assign role 'Accounts'
if DepartmentName = Sales then assign role 'Sales'
is there a way to use the attribute to select the role dynamically such that:
if DepartmentName = %department then assign role %department
No, this is not possible; you need to manually make the associations.