I have entitlements in AD and have daily aggregation to SailPoint ISC. We have SNOW for access requests, so users are added to AD groups from SNOW. Since we have daily aggregation, entitlements get updated with new user access. How can we get the audit of the entitlements, like which users were added to and removed from the AD group, in SailPoint ISC?
I see that Events are not captured in SailPoint since SailPoint didn’t provision or revoke the access. And Access History shows per user, not all the users for the entitlement. How can I get the audit history for the entitlement?
Thanks for the link. This is for any account update or attribute updates. I’m looking for entitlement updates, and that too for a specific entitlement. Even if we configure Native Update for the AD source, we will have a lot of triggers since AD accounts get updated more frequently with access.
And the entitlements assigned to accounts are an account attribute. When you add an account to a group in AD, the memberOf attribute on the account changes.
You can trigger native change events based on the memberOf attribute being changed.
If Modify = True:
a. Verify Data Type: Check for memberOf Add
JSONPath: $.trigger.accountRequests[0].attributeRequests[?(@.operation == 'Add' && @.attributeName == 'memberOf')]
b. Get Variable: Extract the group name (if found)
JSONPath: $.trigger.accountRequests[0].attributeRequests[?(@.operation == 'Add' && @.attributeName == 'memberOf')].attributeValue
I have never had a chance to try using a nested attribute within the provisioning completed trigger but could be worth a look!
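To make the filter in the workflow steps above concrete, here is an added example (not code from the thread, and not SailPoint's own code) that evaluates the same condition in plain Python over a trigger payload and turns matches into audit rows for one specific AD group. The payload shape (`trigger.accountRequests[].attributeRequests[]` with `operation`, `attributeName`, `attributeValue`) is assumed from the JSONPath in the thread; the sample events, identity names and group DNs are constructed. It generalises the thread's `Add`-only filter to `Remove` as well, and filters on the group DN so that only changes to the entitlement of interest produce output.

```python
"""Evaluate the thread's memberOf filter over constructed trigger payloads and
build an audit trail (granted/revoked) for a single AD group entitlement."""

# Constructed sample events; the shape follows the JSONPath used in the thread,
# it is not copied from SailPoint documentation.
FINANCE_ADMINS = "CN=Finance-Admins,OU=Groups,DC=corp,DC=example"
OTHER_GROUP = "CN=Other-Group,OU=Groups,DC=corp,DC=example"

SAMPLE_EVENTS = [
    {   # jdoe added to Finance-Admins; an unrelated title change is ignored
        "identity": {"name": "jdoe"},
        "trigger": {"accountRequests": [{
            "attributeRequests": [
                {"operation": "Add", "attributeName": "memberOf",
                 "attributeValue": FINANCE_ADMINS},
                {"operation": "Set", "attributeName": "title",
                 "attributeValue": "Analyst"},
            ]}]},
    },
    {   # asmith removed from Finance-Admins
        "identity": {"name": "asmith"},
        "trigger": {"accountRequests": [{
            "attributeRequests": [
                {"operation": "Remove", "attributeName": "memberOf",
                 "attributeValue": FINANCE_ADMINS},
            ]}]},
    },
    {   # bwong added to a different group (list-valued attributeValue)
        "identity": {"name": "bwong"},
        "trigger": {"accountRequests": [{
            "attributeRequests": [
                {"operation": "Add", "attributeName": "memberOf",
                 "attributeValue": [OTHER_GROUP]},
            ]}]},
    },
]


def memberof_changes(event, operation):
    """Equivalent of
    $.trigger.accountRequests[0].attributeRequests[?(@.operation == '<op>' && @.attributeName == 'memberOf')].attributeValue
    for any operation ('Add' or 'Remove'). Returns a flat list of group DNs."""
    requests = event.get("trigger", {}).get("accountRequests", [])
    if not requests:
        return []
    values = []
    for ar in requests[0].get("attributeRequests", []):
        if ar.get("operation") != operation or ar.get("attributeName") != "memberOf":
            continue
        value = ar.get("attributeValue")
        # attributeValue may be a single DN or a list of DNs; normalise to a list
        if isinstance(value, list):
            values.extend(value)
        elif value is not None:
            values.append(value)
    return values


def audit_entitlement(events, group_dn):
    """Build audit rows for one entitlement: who was granted or revoked the group.
    DN comparison is case-insensitive, as AD DNs are."""
    target = group_dn.lower()
    rows = []
    for event in events:
        identity = event.get("identity", {}).get("name", "<unknown>")
        for operation, action in (("Add", "granted"), ("Remove", "revoked")):
            for dn in memberof_changes(event, operation):
                if dn.lower() == target:
                    rows.append({"identity": identity, "action": action, "group": group_dn})
    return rows


if __name__ == "__main__":
    for row in audit_entitlement(SAMPLE_EVENTS, FINANCE_ADMINS):
        print(f"{row['identity']}: {row['action']} {row['group']}")
```

Checking the group DN inside the workflow, rather than acting on every memberOf change, is what keeps the trigger volume manageable for an account source as busy as AD; the workflow only needs to write a record when the matching DN is the entitlement being audited.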