Entitlement and Roles

Which IIQ version are you inquiring about?

IdentityIQ 8.3p3

Share all details about your problem, including any error messages you may have received.

Is there a task which cleans up entitlements inside of roles? I have “detect deleted groups” checked, but it's only removing it from the entitlement catalogue and not from roles.

Hi @Rojit,

There is no OOTB task to directly clean up entitlements within roles. While the “detect deleted groups” feature removes deleted groups from the entitlement catalog, it does not automatically update roles to reflect the changes.

To achieve this, you can implement a custom logic.

In SailPoint IdentityIQ, there isn’t a built-in task specifically designed to automatically clean up entitlements from roles when those entitlements are deleted from the entitlement catalog.

You can create a custom task that identifies and removes orphaned entitlements from roles.

Search for all bundles → loop through each bundle → retrieve a list of identities (users) that are associated with that bundle → loop through each identity → retrieve a list of entitlements associated with that identity → check the corresponding managed attribute (entitlement) in the catalog using the entitlement name → if it's null, then remove the entitlement from the bundle object.
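A sketch of such a cleanup as an IdentityIQ rule body, added here as an example and not code from the posts above or from SailPoint. It reads each role's own profiles instead of going through identities, and it assumes role entitlements are stored as leaf filters with list values; `DRY_RUN` and `report` are names introduced for the example.

```java
// Added example: IdentityIQ rule body (BeanShell); "context" is the SailPointContext given to rules.
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import sailpoint.api.ManagedAttributer;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.Profile;
import sailpoint.object.QueryOptions;

boolean DRY_RUN = true;          // hypothetical switch: report only until set to false
List report = new ArrayList();   // "role: attribute=value" for every orphaned entitlement
List bundles = context.getObjects(Bundle.class, new QueryOptions());
for (Iterator b = bundles.iterator(); b.hasNext();) {
    Bundle bundle = (Bundle) b.next();
    boolean changed = false;
    List profiles = bundle.getProfiles();
    if (profiles == null) continue;
    for (Iterator p = profiles.iterator(); p.hasNext();) {
        Profile profile = (Profile) p.next();
        List constraints = profile.getConstraints();
        if (constraints == null) continue;
        for (Iterator c = constraints.iterator(); c.hasNext();) {
            Object f = c.next();
            // Assumption: only leaf filters holding a list of values are handled
            if (!(f instanceof Filter.LeafFilter)) continue;
            Filter.LeafFilter leaf = (Filter.LeafFilter) f;
            if (!(leaf.getValue() instanceof List)) continue;
            List kept = new ArrayList();
            for (Iterator v = ((List) leaf.getValue()).iterator(); v.hasNext();) {
                String value = String.valueOf(v.next());
                // A null result means the entitlement is no longer in the catalog
                if (ManagedAttributer.get(context, profile.getApplication(),
                                          leaf.getProperty(), value) == null) {
                    report.add(bundle.getName() + ": " + leaf.getProperty() + "=" + value);
                    changed = true;
                } else {
                    kept.add(value);
                }
            }
            if (!DRY_RUN) leaf.setValue(kept);   // keep only values still in the catalog
        }
    }
    if (changed && !DRY_RUN) {
        context.saveObject(bundle);
        context.commitTransaction();
    }
}
return report;
```

With `DRY_RUN` left at `true` the rule changes nothing and only returns the list of orphaned values. A role whose profile ends up with an empty value list still needs manual review.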
