How do you manage your governance groups ?
We are facing the same issue every now and then where people leave the organization and access requests get stuck, because members of the Governance Group are now down to 1 person who is OOO i.e.
Or we have things where certain departments are involved, obviously no one from the department informs the Admins of the change and again, people are wondering why they don’t get the approval when their colleagues do (because they weren’t added manually…)
There is currently so much manual effort behind Governance Groups and I was wondering if we just maybe are doing the governance part of the groups wrong or if we should build our own app outside of ISC to govern the groups.
We are aware of the “Work reassignment” part, but this again requires an end user to be diligent and set this up when they are OOO or an Admin to do so on behalf of the users when they are already gone .
While we are trying to promote this as much as possible, it still doesn’t solve people leaving etc.
Call the API named as “List Governance Group” members.
Get the List of identities assigned to that Governance Group
Check the LCS state of the identity. If its “inactive/disable” (whichever LCS state you use in your organization to mark the identity which has left the organization), then, call the API named as “Remove Members from Governance Group”.
Then, Call “Add members to Governance Group” API and assign a peer or his manager to it so that we have seemless flow and approval in place.
Note → You can also add forms in ISC workflow where you can ask Manager to provide consent and provide the name of peer which can take the place of employee leaving the organization.
.
