Provisioning Criteria for entitlements

Identity Security Cloud (ISC) ISC Discussion and Questions
, , , ,
1

HI Team,

I am trying to define provisioning criteria , where I want to compare 2 attributes instead of hardcoded values

  1. I want to compare userId from identityattrbiutes with ManagerId from account attribute.
  2. I want to check if a user is a part of a governance group or not .
    and than want to automatically provision an entitlement .

Could you please help me with these 2 conditions ,

I tried to compare like this where userID equals “$managerID”

but its not working .

Best Regards
Sethi Shivam

2

Hi @sethi_shivam,

Using auto role assignment criteria alone will not meet both requirements. Additionally, creating an identity attribute and evaluating criteria to determine if a user is part of a governance group using transform is questionable. However, I have a theoretical solution using a custom approach:

  1. Use ISC APIs to check all available governance groups.
  2. Check all members of these groups.
  3. Compare user ID with manager ID.
  4. Verify if the entitlement already exists.
  5. If not, and all conditions are satisfied, call the access request API to add the entitlement.
  6. Schedule the script.

This could be a solution, but before implementation, always consider design complexity and maintainability .

1 Like