Is IDN able to synchronise groups and their membership across multiple sources? For example, keeping all the on-prem AD groups in sync with the groups in other sources such as Google Workspace, DUO, etc.
Some of those tools implement RBAC based on groups, and having them replicated from AD via IDN allows us to consolidate the support model.
I’m assuming a lot of the SailPoint connectors use SCIM under the hood, and SCIM allows CRUD operations for groups, but it is not clear to me if we can do this in SP the same way we do in AzureAD (where any SCIM integration offers you the possibility to sync groups out of the box).
Let’s remove RBAC from the picture. We have thousands of user groups that must be synchronised across different sources; some are for RBAC, but others are just for organizational purposes or DLs, so we don’t want to create Roles/Access profiles (apart from being overkill for thousands of groups). For instance, between Azure AD and Google, using an Azure AD SCIM connector, this is as simple as selecting “sync all users and groups”. As far as I recall, Okta also has something very similar on their SCIM connected apps. Can SP do the same?
Having to use a licensed option like workflows for something other providers offer OOB would be a bit disappointing. Also, I’m not sure what the scalability of workflows would be (we don’t have workflows) for thousands of users being sync’d to thousands of groups.
I’m assuming the comparison between Okta/AAD and SailPoint IDN is not totally fair, as the former are directory services and SailPoint is not, but since the SCIM protocol allows syncing groups as far as I know, and SailPoint uses SCIM, I think it can be a legit question.
I hear you, David. Keeping RBAC and Workflow license concerns aside, yes, we can look for some other solutions including SCIM. Let me replicate your scenario and keep you posted.