Which IIQ version are you inquiring about?
Version 8.3
Share all details related to your problem, including any error messages you may have received.
Afternoon!
I’ve been noticing that during the leaver workflow, there’s an entitlement that I would like to exclude from LCM Provisioning when it’s going through and removing all of the users roles/entitlements/etc. I’ll try to summarize the steps:
Let’s take a terminated user who has a RACF account. There is a before provisioning rule that sets their default RACF group to a specific group - we made this change for audit reasons, and the rule works just fine. The problem comes when LCM Provisioning builds the identity request - in the request, there’s a section where a remove operation tries to remove this default group. If you’re familiar with RACF, you can’t remove a default group - you can only change it to something else.
What I would like to do is somehow either exclude this particular group altogether so that when the identity request is created, it’s not included. I’m fresh out of the SailPoint IIQ Advanced Provisioning and Workflow course, but I never thought to ask them about this, and there wasn’t anything (that I can see or remember) that would cover this topic.
Does anyone have any ideas or thoughts on how I could accomplish this?