We have a requirement where we want to use a certification campaign via SailPoint IDN, but want to restrict the remediation action from being propagated to target systems.
E.g., for an AD account, if the certifier revokes a security group from the user’s account, the request to remove the AD security group shouldn’t be sent to AD.
I believe a BeforeProvisioning rule should help you - you can inspect the provisioning plan, and if it’s triggered from Certification and removes a certain group, you can just remove this Account/Attribute Request from the provisioning plan.
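A sketch of the rule described in the reply above, added here as an example and not part of the original post or SailPoint's own code. It drops every group-removal attribute request from a certification-originated plan and logs each one so the suppressed revocation stays auditable; narrow the match with `attributeRequest.getValue()` if only certain groups should be protected. Assumptions: the group attribute is named `memberOf`, and a certification-triggered plan can be recognised by `plan.getSource()` returning `"Certification"`; confirm both against real plans in your tenant.

```java
// BeforeProvisioning rule body (BeanShell). The platform supplies: plan, application, log.
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// Assumption: attribute that carries AD security group membership on this source.
String GROUP_ATTRIBUTE = "memberOf";
// Assumption: value of plan.getSource() for plans raised by a certification revoke.
String CERT_SOURCE = "Certification";

if (plan != null && CERT_SOURCE.equals(plan.getSource())
        && plan.getAccountRequests() != null) {

    for (AccountRequest accountRequest : plan.getAccountRequests()) {
        List attributeRequests = accountRequest.getAttributeRequests();
        if (attributeRequests == null) {
            continue;
        }

        // Rebuild the list instead of removing while iterating.
        List kept = new ArrayList();
        for (AttributeRequest attributeRequest : attributeRequests) {
            boolean isGroupRemoval =
                GROUP_ATTRIBUTE.equalsIgnoreCase(attributeRequest.getName())
                && ProvisioningPlan.Operation.Remove.equals(attributeRequest.getOperation());

            if (isGroupRemoval) {
                // Record what was withheld from AD so the gap between the
                // certification decision and the directory can be reviewed.
                log.warn("Suppressed certification revoke for account "
                    + accountRequest.getNativeIdentity()
                    + ", group " + attributeRequest.getValue());
            } else {
                kept.add(attributeRequest);
            }
        }
        accountRequest.setAttributeRequests(kept);
    }
}
```

Because the certifier's decision is recorded as a revoke while AD keeps the membership, the log lines above are the only trace of the difference unless the suppressed removals are handled through another process.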
Hi @kjakubiak, thank you for your response. We will try BeforeProvisioning rules to achieve this.
I had one more query about entitlements on the SailPoint account. Will they be removed before the BeforeProvisioning rule is invoked? If yes, we want to stop that as well.