Hi Everyone,
We have integrated a web service connector. We need to remove the entitlement assigned to the user once user is disabled from the source. Web Service connector is having http operation of Remove entitlement but that is not getting called once user is disabled.
We also tried writing Before Operation rule to remove the entitlements but we are getting NULL value using provisioningPlan.getNativeIdentity().
Please suggest some workaround for this requirement.
Thanks
Hi @Sgupta1,
Have you taken a look into the Services Standard Before Provisioning Rule .?
You can make use of the remove entitlements action to remove the user entitlements as part of the disable operation. Take a look at the attached documentation for more details.
Services Standard IdentityNow BeforeProvisioning Rule - README.pdf (68.5 KB)
What operation type is the remove entitlement operation set to? Have you tried setting it to the “Disable Account” operation type?
That way it should be called during the disable operation as well.
Just create a Disable operation that is actually a remove on the api .
You can have parenting on Disable if i’m not mistaken
@Sgupta1 these can you tell how these entitlement are being granted is it via access request or birth right?.
If via access request then you can go with the below options
1- Write a before rule for removal
2-Go for a workflow to remove on identity attribute lifecycle state change
3-Certification on such users can remove access
Thanks
Shantanu
Hi Shikha,
You can try adding two operations for Disable(like Disable - 1 and Disable - 2), so basically the first operation will be used to disable the user account, 2nd one can be used to remove the user entitlements (use before provisioning rule to get the user entitlements and update the jsonbody). Also make sure to have the appropriate context URL inplace for entitlement remove.
Thanks @Karthikeyan_U this worked.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
