Issue with the Flag Remove All Access - Throwing Error because it is trying to revoke Dynamic Groups

Hello,

Basically, when we activate the flag “Remove All Access” in the identity profile, ISC tries to revoke all access, even the ones that weren’t given by ISC.

The issue is with the EntraID connector: ISC tries to revoke Dynamic groups and it throws an error as it’s impossible to add or remove a member “manually”.

Of course, I can try not to aggregate those groups, but we would lose visibility, and unfortunately, I can’t go with this approach.

Any ideas on what I could do to bypass this?

Best Regards!!

Yeah, it’s a shame you cannot filter what gets removed with this option enabled. The only option I can think of is a Before Provisioning (cloud) rule which would remove the Dynamic Groups from the provisioning plan. The rule would have to use the IDNUtil method getManagedAttributeDetails() to determine which groups in the plan are dynamic to be removed.

Thank you, yeah that is the only solution without removing from the aggregation!