After modify rule in IDN

Hi Experts,

The Windows Local Connector does not support domain account access deprovisioning; we are using an after modify rule to remove domain accounts from the local groups.

Here is my question: when we do an access review, I see my remove entitlement event as failed. That is expected, as the Windows OOTB connector doesn’t support domain account access deprovisioning. Now, in my campaign status report, this will come as open even though my after modify rule would have revoked the access.

How can I update SailPoint IDN instantly after “AFTER MODIFY” executes to let SailPoint know that access has been removed?

@chandramohans27,

Good Afternoon!

Unfortunately, I don’t know the answer to your question, but I was curious about the scope in which you use the Windows Local Connector :-).

Do you bring in all your Windows Servers as a source within IDN or target a specific few? We’re throwing around ideas on how best to report Windows local users without having to bring in all servers as a source, which would be relatively unrealistic within our Enterprise.

Thanks!

If the removal is an entitlement, you should be able to see that in Access History for the user, even if done outside of IDN.

@ethompson

But I believe this will get updated only on my next aggregation, right?

That is correct. The next aggregation will record the change.
