Im working with IDN and I wonder if it’s possible when a user change his cost center or department (the user will be a mover) that IDN automatically perform a deprovisioning of all the entitlements assigned to the user?
I think that maybe it will be a solution to create a new lifecycle state, Mover, and when IDN automatically set the user status to movers, run a deprovisioning of the selected application but the problem is that just deactivated option is possible.
you can create a new LCS on identity profile say Mover
Detect the value change in costcentre or department and set the LCS state using a transform in the identity profile mapping
You can set something like disable account action on the Mover LCS state
On the respective sources Before Provisioning Rule, you can capture the account request in disable state and the user LCS value as Mover and change the plan, account request to deprovision entitlements assigned on that source
I’ve created a transform rule to identify when a identity have the Mover lifecycle state. I’m using the conditional transform rule type, the problem is that I’m not able to obtain the proper value. See my transform bellow:
One easy way to accomplish the deprovisioning of access during cost centre/department changes are by using access profiles/roles. You can define the assignment for roles and when the user changes cost centre, they are deprovisioned automatically.