Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.
Hi All,
I have a scenario where i want to do provision for new account to target source without entitlements.
I know that in IIQ it is possible do the provision the accounts without entitlements.
But in IDN its possible to do the provision without entitlements? If yes how to do it.
Thanks,
Shantha Kumar
Hello Shantha,
Create Account operations are always linked to some form of entitlement provisioning, as this sets off the process. If there is no account on the source == Account is Created, else entitlement is provisioned to the source account.
So in other words, no, I don’t believe it’s possible without some form of Entitlement Provisioning.
If possible you can create a group in the end system that gives basic level access or no access at all, just for account provisioning, and link this group to an entitlement in IDN.
Generally speaking however, having active orphaned accounts can become a security risk as they may remain unnoticed and potentially exploited by attackers.
@Swegmann Yes I have tried with making an ad attribute as entitlement type and add the entitlement directly in the role and account got provisioned but without groups.