Hi Team,
I have a requirement where I have created an application for privileged groups in Active Directory and made this application requestable in the Request Center.
The requirement is:
The application shouldn't be visible to requesters (when they are raising an access request for themselves) who don't have an account in the privileged AD source. And if a requester who has an account in the privileged AD source is trying to raise an access request for a recipient (Request for others) who doesn't have an account in the privileged AD source, they shouldn't be able to submit the request.
Note: the requirement is that no new accounts should be created in the AD privileged source when user requests are approved.
Create an identity attribute (e.g. hasPrivAcct) and associate it with a transform that returns a boolean value if a privileged account exists for the identity.
Thanks for the reply, @IIQUserOnCompass.
The above suggestion will work to limit the application visibility only to requesters who don't have a Priv account.
Can you also please suggest how to restrict the users (they have a priv account) who are raising access requests for others (by selecting Request for others) who don't have a priv account and submitting access requests? Can you suggest how to restrict that?