I am new to workflows. We have a requirement that if an identity is part of a source, they will be added to a certain AD group, and if they are removed from the source in the next aggregation, they will be removed from the AD group as well. Can we achieve this with the help of workflows? I am pretty sure that we would also need to have an identity profile and access profile set up.
For the first use case (add to AD group when a user account is created in another source), you can use a simple workflow like this:
The trigger filter is:
and in the Manage Access action:
In the Manage Access action, as an alternative, you can submit the entitlement directly.
You can do the same thing by filtering on account deletion and REVOKE the access profile or entitlement.
I’d use a role for this use-case rather than a workflow. The role membership criteria would be something like:
- Identity attribute: cloudLifecycleState
  Value: active

AND

- Account Attribute
  Source: source name
  Attribute: Active or Status or something similar
  Value: True or Active - whatever indicates the account is active on the source

Then add your AD group to the role access.