I am looking into the ability to remove users from AD group memberships upon termination, but I still don’t fully understand the rehire process.
Does a rehired user regain all the access they had when they were terminated? Or do they start from zero and need all access reprovisioned like a new user? I feel like I should know this one, but I’m having trouble finding clear documentation and don’t remember going over it in training.
Hey @jared-fox,
There is no single rehire process. This would be determined by your company/organization’s needs and requirements. Some organizations might reinstate access if the user is hired within a certain time period, some might not reinstate access ever. You should consider your business requirements, your security requirements, and your regulatory requirements for how to handle rehires. Once you determine that, you should be able to develop the necessary process in IDN as needed.
Thank you,
- Zach
3 Likes
Are rules often stored and executed in the virtual appliance? I’m not seeing a rehire before provisioning rule in my VSCode collection. I think I’ll have to find the rule in the VA and attempt to interpret it.
Hi Jared,
There is no standard rehire before provisioning rule. A before provisioning rule can be utilized to help with rehire cases, but it again depends on what you want that rule to do and this type of rule is typically source specific instead of based on lifecycle state, again depending on how you implement it. Additionally, before provisioning rules are cloud executed rules and need to be reviewed/approved by SailPoint before they can be uploaded or changed in a tenant.
I would recommend reading a bit more about the types of rules that can be utilized in ISC: Rules | SailPoint Developer Community
Thank you,
- Zach
1 Like
Thank you Zach, I will do some studying. I am still pretty new to all this but have spent a considerable amount of time doing online training and one on one with sailpoint engineers. It’s a lot to take in but I’m really enjoying it.
1 Like
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.