How is the off-boarding process implemented in your company?

Hello everyone!

Please tell us how the off-boarding process is implemented in your company?

For example, we use workflows within which we get all the entitlements, access profiles, roles, accounts and then delete them and lock them.

For the last 3-4 months we have been experiencing constant problems with workflows freezing, due to which we have to manually off-board employees. Do you have such a problem?

Maybe you use the provisioning functionality in the identity profile?

From what I’ve seen, mostly the termination/off-boarding is done as below:

If the roles were granted via RBAC, then if that user moves out of membership criteria where LCS==Active, then all the roles/entitlements would be deprovisioned. Along with this, leverage inactive LCS and disable the target application accounts from identity profile settings.

Else, if the roles were granted via manual access request, then LCS==Inactive would disable your target accounts from the previous step, but the entitlements need to be deprovisioned by using either of the options below:

  • Manually by the admins (can leverage search subscriptions to schedule search reports to be sent regularly to the admins based on activity in your system or a general policy config)

  • Using a workflow.

  • Periodic certifications
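An added example, not part of the reply above and not SailPoint code: a residual-access check for the case the reply describes, where an inactive lifecycle state disables accounts but entitlements granted by access request remain. The record layout (`lifecycle_state`, `grant_source`, `account_enabled`) and the sample rows are constructed and assumed to come from an export you build yourself.

```python
from collections import defaultdict

# Constructed sample export; field names are assumptions, not a SailPoint schema.
IDENTITIES = [
    {"id": "u100", "lifecycle_state": "active"},
    {"id": "u200", "lifecycle_state": "inactive"},
    {"id": "u300", "lifecycle_state": "inactive"},
]
ACCESS = [
    {"identity": "u100", "source": "AD", "entitlement": "VPN-Users",
     "grant_source": "role", "account_enabled": True},
    {"identity": "u200", "source": "AD", "entitlement": "Finance-RW",
     "grant_source": "access_request", "account_enabled": False},
    {"identity": "u200", "source": "ERP", "entitlement": "AP-Clerk",
     "grant_source": "role", "account_enabled": False},
    {"identity": "u300", "source": "CRM", "entitlement": "Sales-Admin",
     "grant_source": "access_request", "account_enabled": True},
]

def residual_access(identities, access):
    """Return {identity: [(source, entitlement_or_None, finding), ...]}
    for identities whose lifecycle state is inactive."""
    inactive = {i["id"] for i in identities
                if i["lifecycle_state"].strip().lower() == "inactive"}
    findings = defaultdict(list)
    seen_accounts = set()
    for row in access:
        ident, source = row["identity"], row["source"]
        if ident not in inactive:
            continue
        # The account should already be disabled by the inactive lifecycle state.
        if row["account_enabled"] and (ident, source) not in seen_accounts:
            seen_accounts.add((ident, source))
            findings[ident].append((source, None, "account_still_enabled"))
        if row["grant_source"] == "access_request":
            # Expected leftover: needs an admin, a workflow or a certification.
            kind = "requested_entitlement_remaining"
        else:
            # Role-based access should have gone when role membership ended.
            kind = "role_access_not_revoked"
        findings[ident].append((source, row["entitlement"], kind))
    return dict(findings)

if __name__ == "__main__":
    for ident, items in residual_access(IDENTITIES, ACCESS).items():
        for source, entitlement, finding in items:
            print(ident, source, entitlement or "-", finding)
```

Run on a schedule, a report like this also shows when a removal step did not complete, since affected identities keep appearing in the output.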

Hi Vadim,

Currently we have lifecycle states set up in the identity profile, and when the user is off-boarded the account gets disabled; however, for certain sources we need to remove the access as well.

Are your workflows taking care of the removal of access? If so, could you kindly share how the workflows are set up to do so?
