8.4p3
I have tried converting plan to delete in before provisioning rule. I wanted to check if we have any out of the box SailPoint IIQ feature which i can leverage apart from before provisioning rule.
Thanks
Hi @sboinaverisign ,
Which connector are you using?
Hi @sboinaverisign ,
I don’t think so we OOTB feature available for it
We have handled the same use case using Before provisioning rule
The rule logic includes
-pull all the entitlement of the identity
-Check if the entitlement you got for remove in plan is the last entitlement of the user
If yes
Simply covert the MODIFY AccountRequest to either Delete or Disable based on requirement
Let me know if you need any further help on this
Thanks in advance
Avinash Mulpuru
Web services connector
Thanks @amulpuru
I have done the same thing and it works fine. However, when you see the access request in UI without opening details it doesn’t show anything.
You can use webservicebeforeoperation rule to modify the headers and url if they removes all entitlements or otherwise return modify url and headers
@Harikrishna_06 If i update the URL in RemoveEntitlement operation type in before operation rule , if the user is trying to remove 3 entitlements it will try to call before operation rule thrice correct? Eventhough it will be successful in first call, it might fail in next two calls as the account is already deleted.
Hi @sboinaverisign ,
You can modify the logic accordingly and add condition for that.
@Harikrishna_06 Can you please elaborate more on this?
Hi @sboinaverisign,
If you revoke all entitlements, the plan will be seperate for three entitlement. It means three attributerrquests comes in three different plans. So when the two groups removed for the the third group it checks the condition that the identity has only one group so it automatically delete or disable the account.
Kindly let me know any additional support required from my side.
Thanks
Harikrishna