Dynamic Role-to-Entitlement Mapping in ISC Based on User Attributes

Hello Community,

We have a requirement where Workday roles need to be configured in Identity Security Cloud (ISC), but the challenge is around location-specific entitlements.

Currently, Workday provides location-based roles such as:

  • HR Operations – India
  • HR Operations – US
  • HR Operations – EMEA

… and so on.

From an end-user perspective, we do not want them to see and manually select each location-specific entitlement. Instead, the desired flow is:

  • User requests a generic role, e.g., “HR Operations”, from the access request catalog.
  • ISC should automatically provision the correct location-specific entitlement (e.g., India, US, or EMEA) based on the user’s location attribute in Workday (or another authoritative source).

Inputs Requested

  • What is the best way to implement such dynamic entitlement assignment logic in ISC?
  • Should this be achieved via Policy-Driven Role Mapping, Before Provisioning Rules, or another approach?
  • Has anyone implemented a similar setup (location-based or attribute-driven entitlement assignment)?

@selvasanthosh You can consider using dynamic roles.

They provided the same scenario as an example in the documentation.

Thank you @suresh4iam