Hi all. We have a use case where we would need to enable the disabled accounts sequentially.
For example, attribute A of source 1 has dependency from attribute B of source 2. When we reach a LCS where we would enable accounts from source 1 and 2, source 2 must be enabled before source 1 since the attribute generator cloud rule is attached at source 2 and source 1 attribute A would need to retrieve this value from source 2 attribute B.
Understand that we can use role to achieve sequential provisioning, however how do we achieve that when it is enabling instead? Appreciate any input, thanks!
For “Source 1 attribute A would need to retrieve this value from source 2 attribute B.”
==> You can use an identity Attribute and mapping it with source 2 attribute B.
And then in your account create profile and attribut synchronisation you can use this identity attribute for provision attribute A of source 1.
For your global enabling use case, you can use a simple two workflows : First Workflow :
The first workflow trigge identity attribute change and filter to LCS changes as you need.
Second :
Your second can trigge provisioning completed by filter on source 2. It verify if the provisioning completed is for enable operation on source 2 and then enable account on source 1 using enable-account | SailPoint Developer Community
Another option could be two use a single workflow, that enable account in source 2 and after in source 1
We have selected the “Enable Account” option on the Identity Profile > Provisioning tab for the LCS mentioned and so it should be able to achieve the outcome just like the first workflow as suggested.
We will test out the second workflow as suggested, thanks a lot!