Automatic Application(Azure Active Directory) Assignment

Hi All,

We have to assigned the application (AZ Directory). Here we have two types of accounts normal and admin account. So, we have to atuo assign the application based on UPN application attribute.

How i can perform these activity looking your assistance here

Do i need to create new rule, workflow and provisioning policy for that? it will trigger once identity update is trigger?.

Thanks,
Shubham

Hi @GutteStolt,

Could you provide more information about what you need?

Regards,
Arun

Hi Arun,

We have to automatically assign the application Azure Active Directory to the user based on the application attribute called UPN for that I am looking assistant here

Hi @GutteStolt,

you can manage it with a BS and IT role.

In the BS role you have the logic of assigment. In your case you can write a rule with the logic that meets the conditions.

After you carete an IT role with a profile for assign the account. Like this for example(you must choose AZ Directory):

image436×515 21 KB

With this, when an identity meets the conditions of BS role, SP assign the roles and send a request to create an account if it dont have.

Hi @GutteStolt ,

It’s purely depends on your application how it behaves and how you want. There are two ways I can tell.

1. Use roles in which add assignment rule as @enistri_devo suggested. So that users whoever is matching the criteria then those will get the account. Make sure create account provisioning policy should be there. The problem with this is in rare cases I see, if there is any license issue for the user means if they are not logged in for more than certain days then account should be disable. Then that case it is the problem. SailPoint again tries to add because of the assignment rule we have even after disable also.
2. To overcome the above one, create account while joiner is processing for the user based on your condition.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.