Identify and transfer the ownership

We have a requirement that in a leaver scenario, when a user is about to terminate, we must transfer the ownership of the source and service account that the user owns to their manager. Can someone please help?

Hi Deepak,

You can use a workflow to accomplish this use case. The trigger could be an identity attribute change event (filter on lifecycle state) or an account disablement (e.g. Active Directory). Then you would make an API call to the ISC Search endpoint to grab objects that were owned by the recently terminated identity. You can use the following query - id:"<insert identity id>". This will return an ‘owns’ map of objects that the identity is listed as an owner of.

Then loop through each of these objects and update the ownership to the identity’s manager using the PATCH API endpoints for each type of object (e.g. role, access, profile, entitlement, source, governance group, etc).

Thanks,

Liam
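
The loop described in this answer, as an added example that is not part of the original post or SailPoint's own code: it turns one Search hit for the terminated identity into the list of PATCH requests to send, without sending them. The field names in the constructed sample and the endpoint paths in `PATCH_PATHS` are assumptions to check against the ISC API reference for your tenant.

```python
import json

# Assumed mapping: key in the identity document's 'owns' map -> PATCH path.
PATCH_PATHS = {
    "sources": "/v3/sources/{id}",
    "roles": "/v3/roles/{id}",
    "accessProfiles": "/v3/access-profiles/{id}",
    "entitlements": "/beta/entitlements/{id}",
    "governanceGroups": "/v3/workgroups/{id}",
}

def plan_owner_transfer(identity_doc):
    """Return (requests, unhandled) for moving ownership to the manager."""
    manager = identity_doc.get("manager") or {}
    if not manager.get("id"):
        # Fail closed: without a manager the objects would end up orphaned.
        raise ValueError("identity has no manager; route to manual review")
    patch = [{"op": "replace", "path": "/owner",
              "value": {"type": "IDENTITY", "id": manager["id"]}}]
    requests, unhandled = [], []
    for kind, objects in identity_doc.get("owns", {}).items():
        if not isinstance(objects, list):
            continue  # boolean flags in the map carry nothing to reassign
        for obj in objects:
            if kind in PATCH_PATHS:
                requests.append({
                    "method": "PATCH",
                    "path": PATCH_PATHS[kind].format(id=obj["id"]),
                    "content_type": "application/json-patch+json",
                    "body": patch,
                })
            else:
                # Unknown object type: report it instead of guessing a path.
                unhandled.append((kind, obj["id"]))
    return requests, unhandled

# Constructed sample of one Search hit (ids and names are made up).
SAMPLE = {
    "id": "id-leaver-0001",
    "manager": {"id": "id-manager-0002", "name": "Sample Manager"},
    "owns": {
        "sources": [{"id": "src-01", "name": "Sample AD"}],
        "roles": [{"id": "role-01", "name": "Sample Role"}],
        "apps": [{"id": "app-01", "name": "Sample App"}],
        "fallbackApprover": False,
    },
}

if __name__ == "__main__":
    reqs, todo = plan_owner_transfer(SAMPLE)
    print(json.dumps(reqs, indent=2), "\nmanual review:", todo)
```

Log the planned requests and the `unhandled` list before applying anything, so the ownership change has an audit trail and no object type is skipped silently.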

Check loopback connector

As @vishal_kejriwal1 mentioned, the ISC Governance connector (also known as the loopback connector) is a good way to accomplish this, using the reassignment feature:

Reassignment Settings