How to keep entitlements for an inactive LCS state

Hello,

I am currently employed at JML. We have configured AD and downstream application access profiles in the joiner event. The issue we are facing is that when the LCS state is set to inactive, accounts should be disabled, but the entitlements assigned to that account should not be removed. This is the situation we are dealing with. However, as soon as the account is disabled, the entitlements are also being removed, which should not happen. What steps should I take to address this?

Thanks,

Harish

Hi,

If the state changes, the configured APs are also deprovisioned by default. If you want to retain the access related to the account, one way is to have a before provisioning rule and remove attribute requests related to access in the plan for disable operation.

Regards,
VK.

Hi Harish,

You could also try creating a Role that will grant this access back to the users.

Something like if lifecycleState is Inactive, grant the desired Access Profile.

It might be best to just use a Role in general to grant this access to all users if the access should not be added/removed based off lifecycle state.

Thank you,

• Zach

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.