Hi All,
I created a BR with below conditions:
My question is If a user comes in and it does not have a SAP Fieldglass account but the first 3 conditions matches in that scenario will the rule still trigger?
Hi @Deepanshu07 ,
No, as its AND condition, access will get assigned only if all the criteria matches.
If you want it to work without “SAP Fieldgrass” account, then have two criteria groups with “OR” condition
1st Criteria group will have as below
2nd Criteria group will have as below(Note: you cannot have user status “open” and “closed” in same condition, kindly have one)
The issue i am facing is user can only have one primary role in Fieldglass so initially it is fine once a new user comes in he is assigned BR rule accordingly but when the same user request for a new role in SP it replaces it BR access then the role is getting triggered again and removes the new role and re assign the BR access.
How can i tackle this so that the rule only triggers for new users and not existing ones in Fieldglass
Does existing users have the same access that has been added in Birthright role?
For some users yes it will be.
The use case is when a new user comes in and it matches the 3 first criteria then it user is assigned FG account and BR role.
But if any existing users that does not have the BR access but matches the first 3 conditions for them this rule should not trigger because that will automatically replace there existing role
SailPoint assign roles based on the criteria defined, it will not know whether it’s a new user or existing user. Best way is to go with Workflows.