I have an identity attribute that states when an user starts working (he signs in, and HR sends the exact hour, for example 9am).
What is expected, is that some accesses were granted from this time, and only for 9hs.
As HR sends only the start time, so we calculate end time with some transform. As the start and end times can be any time, ISC should watch these values, so it can add or remove identity access.
Is there some way to make individual refreshes, only when each end date reaches?
Hi @jsosa ,
Map the “Next Processing Date” attribute to an attribute containing the date the account should be processed next, i.e., end date (in your case).
The “Next Processing Date” attribute is often mapped to a start date or an end date, which in your case would be the calculated end time for access. Once configured, identities will be refreshed on the date and time set in the “Next Processing Date” attribute. This refresh will occur in addition to the regular scheduled processing that happens twice daily.
Refer to the documentation for more info - Processing Identity Data - SailPoint Identity Services
Thanks!
Hi Gokul! Unfortunately this is not help in this scenario, because it does not work for the first 24hs:
What happens here is that will aggregate new start and end times each date. So end time will vary from day to day.
Hi @jsosa ,
One potential avenue to investigate: When HR notifies you, is there something you could leverage as a workflow trigger? If so, we utilise API to process a “list” of identities, but we set the list to be the identity which triggered the event.
This results in the identity being processed and acting as an isolated refresh.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
