Hi @jesvin90 ,
Thanks for the note on Sticky entitlement. I tried using Access profiles, and it is working as expected during provisioning and de-provisioning. However, in my case, I can request either a Role with Entitlement or Direct entitlement. According to our automation criteria, the direct entitlement option is no longer available. So, the only option now is “Role.”
Here is the Role with Entitlement criteria: I have created a role with:
- “Application Entitlement” (Example: Adobe Standard) in “Manage Access”
- Assignment criteria as “Type - Entitlement,” “Source - Active Directory,” “Entitlement - Adobe_std_AD_group”
- Identity status - Active
In this scenario, how can I remove the entitlement (Adobe_std_AD_group) tied to this user before or after disable? Are there any other ways to handle this? If Workflow is a good option, please share any documentation to refer to.
