About release for Multi-Account Access Requests

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hi,
About this new feature supposed to solve the issue for multiple account per source for the provisioning :

  • is there a way to automate the selection of account ?
  • what happend if you create a conditional role assigned to hundred of users having many account in a source ?
  • what happend during identity refresh for user already having entitlement and a new account being aggreagrated plus the one already owned ?
  • how to be sure end user select the correct account, if you managed user and admin account within the same source (for AD for instance) ?

I don’t see anything about these point in the feature just being released yesterday.
Can you help me with that ?

2

Hi @pbourgi

As per my understanding, when an identity has multiple accounts on a source, you can specify the criteria in the Access Profile for determining which of the user’s accounts should receive the access. This applies to access profiles automatically provisioned through lifecycle states or automated role assignment.

Please check the below link for the reference: https://documentation.sailpoint.com/saas/help/access/access-profiles.html#multiple-account-options

I hope this helps you.

Thank you!

3

Hi, thanks for your reply, but this is not working for the access request.

It’s clearly set in the box “Important” : “These criteria do not apply to access requests. If identities have multiple accounts on the entitlement source, the requester will select the accounts that need access in the Request Center”

I think only Sailpoint people can answer my questions