We are using IIQ 8.4. For an application using the Web Services connector, we need to configure two group objects (i.e., teams and roles).
To assign a role, the user must have the team, and we need to pass the respective teamID in the body for Add Entitlement - Role. We need to automate this using RBAC. We would like to hear any suggestions on how we can create the IT roles and handle the provisioning.
Is it possible to show the Identity's link in the UI like below:
Name: User001
Display Name: Test User001
Assigned Teams: Team 1
____________________> Role1
____________________> Role2
________________ Team 2
____________________> Role33
____________________> Role34
We need to provision using the access request workflow as well.
I am attaching the connector configuration for reference.
First, you need to find all the teamIDs associated with that user. I cannot see that operation. If you do have that operation, then just add the group in the schema.
Now, create a business role and create a rule that returns true if the person has team1, and assign that in IT roles.
Thank you for your response @Shozib. The teamID and Roles under the teams are both dependent on the RBAC. We need to first assign the teamID to the user and then the corresponding roles under the teams as per RBAC. We would like to hear any suggestions on how we can create the IT roles in SailPoint to manage and handle the provisioning of both group objects.
Hi @padma_priya, as I understand your requirement: create a role to assign only a teamID (the logic will be as per your requirement; you can write a rule or check other options as well), run a refresh task, and make sure these two points are checked.
In your IT role, include both team and role as entitlements. Then, in your application, define two operations in this order:
Add Entitlement – Teams
Add Entitlement – Roles
Since the team is also part of the IT role, the team ID will be available in the provisioning plan. You can retrieve it there and use it to populate the payload for the Add Entitlement – Roles operation.
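A sketch of the last suggestion as a Web Services before-operation rule, added here as an example and not posted by anyone in the thread. It relies on the statement above that the team is present in the provisioning plan; the schema attribute name `teams`, the `@@TEAM_ID@@` marker in the operation's JSON body, and the teamID pattern are assumptions to be replaced with the values from the actual connector configuration.

```java
// WebServiceBeforeOperationRule body (BeanShell) for the "Add Entitlement - Roles" operation.
// Inputs supplied by IdentityIQ: application, requestEndPoint, provisioningPlan.
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.tools.GeneralException;

String TEAM_ATTR = "teams";                 // assumption: schema attribute for the team group
String TOKEN = "@@TEAM_ID@@";               // assumption: marker typed into the JSON body
String ID_PATTERN = "[A-Za-z0-9_-]{1,64}";  // assumption: shape of a valid teamID

// Collect every team that this plan adds for this application.
List teamIds = new ArrayList();
List accountRequests = provisioningPlan.getAccountRequests(application.getName());
if (accountRequests != null) {
    for (AccountRequest acct : accountRequests) {
        List teamRequests = acct.getAttributeRequests(TEAM_ATTR);
        if (teamRequests == null) continue;
        for (AttributeRequest req : teamRequests) {
            if (!ProvisioningPlan.Operation.Add.equals(req.getOperation())) continue;
            Object value = req.getValue();
            // A request value is either a single String or a List of Strings.
            if (value instanceof List) teamIds.addAll((List) value);
            else if (value != null) teamIds.add(value);
        }
    }
}

// Fail closed: with zero or several teams the role cannot be tied to one teamID.
if (teamIds.size() != 1) {
    throw new GeneralException("Expected exactly one team in the plan, found " + teamIds.size());
}
String teamId = teamIds.get(0).toString();
// Reject values that could change the JSON structure once substituted.
if (!teamId.matches(ID_PATTERN)) {
    throw new GeneralException("Unexpected teamID format");
}

Map body = requestEndPoint.getBody();
String json = (String) body.get("jsonBody");
if (json == null || json.indexOf(TOKEN) < 0) {
    throw new GeneralException("Request body has no " + TOKEN + " marker");
}
body.put("jsonBody", json.replace(TOKEN, teamId));
return requestEndPoint;
```

An IT role that bundles roles from more than one team makes the rule throw instead of guessing, so each IT role should carry one team and the roles under it.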