Non-Employee Admin account provisioning

We are using SailPoint IdentityNow for employee and non-employee access and account provisioning. Both employee and non-employee records come from Workday sources as the source of truth. However, an IT team uses admin accounts separately from regular accounts. These admin accounts are not on the Workday side. As of now, the entire process is manual. Creating an account on AD and accessing provisioning on the AD and application sides are manual. I want to automate this account provisioning and de-provisioning process through SailPoint IdentityNow. Could you please suggest the best practices to accomplish this task by using workflow or some other method?

Hi @sivakumarnallu,

Simply put, you are asking how IDNOW works :sweat_smile:

First of all, I suggest reading the guide for the AD connector to get a view of what it can do:

and of Provisioning in general:

After that, it depends on your needs. Usually, use a WF if you need approvals, for example; otherwise you can provision/deprovision with roles (RBAC).

For me, there is no absolute best method, you must choose the best for you.

2 Likes

One way to accomplish this would be to set up an “AD Admin” account source. You would use a filter to only include accounts that meet some identifying criteria for your admin accounts - for example, if all admin accounts are in a particular OU or use a particular naming convention.

You will want to make sure that all of the admin accounts have some way to correlate them with the employee account. For example, you could use the employee id number on the AD account to match up with the identity record. Others have used a particular naming convention, e.g. samaccountname for the main user account and samaccountname-a for the admin account. This will allow you to correlate to the employee.

You will be able to disable these accounts when the employee leaves as this is just another account associated with their identity.

Alicia

3 Likes
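The filter and correlation logic described in the reply above, as an added example that is not part of the original post and is not SailPoint code. It shows which admin accounts would be disabled when the owner leaves and which cannot be tied to any identity; the OU, attribute names and sample records are constructed assumptions.

```python
# Constructed sample data; the OU, attribute names and records are assumptions.
ADMIN_OU = "OU=Admin Accounts,DC=example,DC=com"
ADMIN_SUFFIX = "-a"  # naming convention from the reply: samaccountname-a

IDENTITIES = [  # identities as aggregated from the authoritative HR source
    {"employee_id": "1001", "sam": "jdoe", "active": True},
    {"employee_id": "1002", "sam": "asmith", "active": False},  # has left
]

AD_ACCOUNTS = [
    {"sam": "jdoe", "dn": "CN=jdoe,OU=Users,DC=example,DC=com", "employee_id": "1001", "enabled": True},
    {"sam": "jdoe-a", "dn": "CN=jdoe-a,OU=Admin Accounts,DC=example,DC=com", "employee_id": "1001", "enabled": True},
    {"sam": "asmith-a", "dn": "CN=asmith-a,OU=Admin Accounts,DC=example,DC=com", "employee_id": None, "enabled": True},
    {"sam": "svc-backup-a", "dn": "CN=svc-backup-a,OU=Admin Accounts,DC=example,DC=com", "employee_id": None, "enabled": True},
]

def is_admin_account(acct):
    """Source filter: account sits in the admin OU or follows the naming convention."""
    in_ou = acct["dn"].lower().endswith("," + ADMIN_OU.lower())
    return in_ou or acct["sam"].lower().endswith(ADMIN_SUFFIX)

def correlate(acct, identities):
    """Match on employee ID first, then fall back to the naming convention."""
    by_id = {i["employee_id"]: i for i in identities}
    by_sam = {i["sam"].lower(): i for i in identities}
    if acct["employee_id"] in by_id:
        return by_id[acct["employee_id"]]
    sam = acct["sam"].lower()
    if sam.endswith(ADMIN_SUFFIX):
        return by_sam.get(sam[: -len(ADMIN_SUFFIX)])
    return None

def review(accounts, identities):
    """Return (admin accounts to disable, uncorrelated admin accounts)."""
    to_disable, uncorrelated = [], []
    for acct in filter(is_admin_account, accounts):
        owner = correlate(acct, identities)
        if owner is None:
            uncorrelated.append(acct["sam"])  # no owner: needs manual review
        elif not owner["active"] and acct["enabled"]:
            to_disable.append(acct["sam"])    # owner has left: disable
    return to_disable, uncorrelated

if __name__ == "__main__":
    print(review(AD_ACCOUNTS, IDENTITIES))
```

Uncorrelated admin accounts are the ones worth reviewing first, since nothing will disable them when a person leaves.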

Hi @sivakumarnallu,

I agree with @enistri_devo. I would also suggest going through the mock project to better understand IDNow. Here’s the link to that:

https://community.sailpoint.com/t5/Working-With-Services-Knowledge/IdentityNow-Mock-Project/ta-p/208216

There is a zip file; please download that to find the readme and some of the rules used in the supporting documents section of the mock project.

I hope this helps!

2 Likes

Thanks for your suggestion. I can try this approach and report back if there are any challenges. I am not sure how LCS works in this scenario.
