Request Handler - Manage Accounts Workflow

Description: Request Handler - Manage Accounts Workflow
Legal Agreement: By using this CoLab item, you are agreeing to SailPoint’s Terms of Service for our developer community and open-source CoLab.
Repository Link: colab-workflows/workflows/access-request-for-account-management/RequestHandler-ManageAccounts.json at 7631f04f2b6e99311ac37b04e676eccf31e90b6f · sailpoint-oss/colab-workflows · GitHub
New to Workflows in the CoLab? Read the getting started guide for Workflows in the CoLab.
Supported by: Community Developed

Overview

A feature that makes enabling and disabling accounts requestable in ISC, along with the necessary approvals.

Requirements

ISC allows users to request access to various applications; however, there is currently no feature to request disabling or enabling an application account (one's own or another user's) from the Request Center. This workflow lets end users request a change in account status from the same Request Center.

Guide

Workflow Design:

  1. Roles

Two roles (I call them Source Activity Roles) are defined for the source, one for enabling and one for disabling the account, as below. These roles do not need any entitlements or access profiles added. They are roles defined with a specific naming convention.

-Disable Account
-Enable Account

Note:
A strict naming convention is followed for this requirement to achieve the needed scenario and keep it as generic as possible.

  2. Workflow
    A workflow was developed to handle the access requests, with the high-level modules below:

Trigger (Access Request Decision):

  • Detect access requests for the Source Activity Roles that are completed and approved

Action:

  • Define variables to capture the source name and action type based on the role requested
  • Get the current accounts of the user and loop over the accounts on the identified source
  • Perform the respective action (disable/enable) on each account based on the role requested
  • Revoke the Source Activity Role from the user, since it must be cleared before it can be requested again another day
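The trigger and action steps above, sketched in Python as an added example; this is not the workflow JSON from the repository. The `<Source Name>-Enable Account` / `<Source Name>-Disable Account` role pattern, the event and account field names, and the sample data are assumptions constructed for illustration.

```python
import re

# Assumed convention (not confirmed by the post): "<Source Name>-<Enable|Disable> Account".
# Case-sensitive and matched against the whole name, so near-miss names are rejected.
ROLE_RE = re.compile(r"(?P<source>.+)-(?P<action>Enable|Disable) Account")

def plan_actions(event, accounts, known_sources):
    """Return the ordered steps the handler would take for one trigger event."""
    # Trigger filter: act only on requests that are both completed and approved.
    if event.get("status") != "COMPLETED" or event.get("decision") != "APPROVED":
        return []
    m = ROLE_RE.fullmatch(event.get("role_name", ""))
    # Ignore roles outside the convention and roles naming a source that does not
    # exist, so an arbitrary role name can never drive an account status change.
    if not m or m["source"] not in known_sources:
        return []
    action = m["action"].lower()
    want_disabled = action == "disable"
    steps = []
    for acct in accounts:
        # Touch only the requested identity's accounts on the named source.
        if acct["identity"] != event["requested_for"] or acct["source"] != m["source"]:
            continue
        if acct["disabled"] == want_disabled:
            continue  # already in the requested state, nothing to do
        steps.append((action, acct["id"]))
    # Clear the Source Activity Role so it can be requested again later.
    steps.append(("revoke_role", event["role_name"]))
    return steps

# Constructed sample data (hypothetical identities, sources and ids).
SAMPLE_SOURCES = {"Active Directory", "HR-System"}
SAMPLE_ACCOUNTS = [
    {"id": "acct-1", "identity": "jdoe", "source": "Active Directory", "disabled": False},
    {"id": "acct-2", "identity": "jdoe", "source": "HR-System", "disabled": False},
    {"id": "acct-3", "identity": "asmith", "source": "Active Directory", "disabled": False},
]
SAMPLE_EVENT = {
    "status": "COMPLETED",
    "decision": "APPROVED",
    "requested_for": "jdoe",
    "role_name": "Active Directory-Disable Account",
}

if __name__ == "__main__":
    for step in plan_actions(SAMPLE_EVENT, SAMPLE_ACCOUNTS, SAMPLE_SOURCES):
        print(step)
```

Checking the parsed source against the list of known sources is what keeps the strict naming convention from becoming a way to act on unintended accounts.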