Active Directory

Identity Security Cloud (ISC) ISC Discussion and Questions
, , , ,
1

Hi everyone,
I’m looking for guidance on how to set up a workflow in SailPoint Identity Now for an Active Directory source that removes user entitlements, access profiles when the identity’s lifecycle state changes to “terminated.”

as part of de-provisioning SailPoint disable AD account and remove some entitlements but not All the entitlements(Excluding the Primary groups like Domain Users).
Has anyone implemented this? Would appreciate any help, examples, or JSON templates if available

2

Hey @imranshaik786 You can look at this article Workflow to remove ALL leavers' standing access which gives you different approaches using Workflow.

Hope this helps you.

3

check standard before provisiong rule.

4

You should be able to achieve this using the standard before provisioning rule. In case you are looking to do this using a workflow here is a sample that should work for you.
LeaverRemoveAccess20250515.json (2.6 KB)