Remove Entitlements if there is Company or Department Change and Update with new one

Hi Team,

I am new to SailPoint ISC. I onboarded a new source with the Web Service Connector.
On that source, we have two entitlement attributes, Roles and Content-Groups.
If there is an update in Department/Company Number, the Content-Groups need to be updated on the user account with new content groups.

How can I achieve this?

Hey, welcome to the Community,

This use case may be achieved with a Workflow.
You can trigger the workflow using a department change (identity attribute change trigger).
Once the workflow triggers, you can have steps to calculate the Content-Group that needs to be assigned. Then you can use either Manage Access or HTTP Request to fire an API call to add this Content-Group.

2 Likes

Another way that you can achieve this is using Roles. Assign the entitlements, or access profiles containing those entitlements, to a role. Set up the assignment criteria to encompass the department/company number. When the user moves into that role, then they will automatically get assigned. Using this approach will also remove those groups when they no longer meet the criteria to have the role / access. This is a little more OOTB.

6 Likes
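The criteria-based role behaviour described in the reply above, as an added illustration that is not part of any post and is not SailPoint's API or code: a small Python model that computes which Content-Groups a department/company change should add and remove. The role names, attribute keys and group names are constructed for the example. It also covers the case where a group granted by both the old and the new role must be kept rather than revoked.

```python
from dataclasses import dataclass

@dataclass
class Role:
    name: str
    criteria: dict       # identity attribute -> required value (all must match)
    entitlements: set    # Content-Groups granted while the criteria hold

def matches(role, identity):
    """True when every criterion of the role equals the identity's attribute."""
    return all(identity.get(attr) == want for attr, want in role.criteria.items())

def granted(roles, identity):
    """Union of entitlements from every role whose criteria the identity meets."""
    result = set()
    for role in roles:
        if matches(role, identity):
            result |= role.entitlements
    return result

def plan_mover(roles, before, after):
    """Compare access before and after an attribute change.

    A group is removed only if no matching role grants it any more,
    so access shared by the old and new role is kept, not revoked.
    """
    old, new = granted(roles, before), granted(roles, after)
    return {
        "add": sorted(new - old),
        "remove": sorted(old - new),
        "keep": sorted(old & new),
    }

# Constructed sample roles (hypothetical names, not from the thread).
ROLES = [
    Role("Finance-1000", {"department": "Finance", "companyNumber": "1000"},
         {"CG-Finance-Reports", "CG-Intranet"}),
    Role("Sales-1000", {"department": "Sales", "companyNumber": "1000"},
         {"CG-Sales-Leads", "CG-Intranet"}),
    Role("Sales-2000", {"department": "Sales", "companyNumber": "2000"},
         {"CG-Sales-Leads-EU"}),
]

if __name__ == "__main__":
    before = {"department": "Finance", "companyNumber": "1000"}
    after = {"department": "Sales", "companyNumber": "1000"}
    print(plan_mover(ROLES, before, after))
```

An identity that moves to a department/company pair with no matching role ends up with an empty "add" list and every previously granted group under "remove", which is the stale-access cleanup the role approach provides.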

Actually, this is the best, recommended and obvious way to implement this requirement.

@Bpoudel You need to get familiar with RBAC for this or similar requirements.

1 Like

I would recommend using a Role to achieve this. Write the assignment criteria which need to be met to assign the group / entitlement. If the criteria are not met, the system will remove the underlying access.

Hope you won’t be running access reviews on these entitlements.

Thanks @margocbain, I have used the same approach and set the assignment criteria for each specific role.

1 Like