Revoking User Levels automatically in IdentityNow when LCS Status Changes to Terminated

Hi Team,
I need help with the process for revoking user levels (org_admin, helpdesk, etc.) in IdentityNow when a user’s LCS (Lifecycle Status) is changed to “Terminated”, without utilizing the out-of-the-box (OOTB) workflow functionality.

I am looking for an alternative approach, preferably leveraging the ISC Governance Connector, to achieve this automation. Could you please provide guidance on how we can set up this process effectively?

Thanks,
Divya

Use this API call to update the user levels: patch-auth-user | SailPoint Developer Community

Hi @Divya_Sri_123

You will need to set up a source, preferably a web service source, for handling the admin accounts. There you can set up operations like enable user and disable user to call the APIs mentioned by Tom to achieve this requirement.
Ideally you should also then use this connector for onboarding any admin identity in ISC, where you can read these permissions from the ISC tenant, configure them as roles and then make them requestable.
In short, you can create your own loopback connector using web service connectors to achieve this.

Or, if you want a simple solution, just use a workflow where on trigger you check if the user moved to terminated status, then check if the user has admin level access, and then remove it if it is not coming via a role, simply by using the PATCH API. This will be easier to implement in a short time.

I hope this helps.

Regards
Vikas.

1 Like
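The check described in the reply above (react to the lifecycle change, look at the user levels, keep only those granted through a role, then PATCH the auth user), as an added Python example that is not from any poster in this thread. The event shape, the `cloudLifecycleState` attribute name, the `terminated` value, the tenant URL, the token and the `role_granted` input are assumptions; the request targets the patch-auth-user endpoint linked earlier.

```python
import json
import urllib.request

# Assumptions: attribute name and value this tenant uses for lifecycle state.
LCS_ATTRIBUTE = "cloudLifecycleState"
TERMINATED = "terminated"

# Constructed sample inputs (not real tenant data).
API = "https://tenant.example"  # placeholder tenant API base URL
SAMPLE_EVENT = {
    "identity": {"id": "2c9180constructed", "name": "jdoe"},
    "changes": [{"attribute": LCS_ATTRIBUTE, "oldValue": "active", "newValue": "terminated"}],
}
SAMPLE_AUTH_USER = {"id": "2c9180constructed", "capabilities": ["ORG_ADMIN", "HELPDESK"]}


def became_terminated(event):
    """True only when this change moves the identity INTO the terminated state."""
    for change in event.get("changes", []):
        if change.get("attribute") == LCS_ATTRIBUTE:
            old = str(change.get("oldValue") or "").lower()
            new = str(change.get("newValue") or "").lower()
            return new == TERMINATED and old != TERMINATED
    return False


def build_revocation(api, token, event, auth_user, role_granted=frozenset()):
    """Return the PATCH request that strips directly assigned levels, or None."""
    if not became_terminated(event):
        return None
    current = auth_user.get("capabilities") or []
    # Levels that arrive through a role are left for role removal to handle.
    keep = [c for c in current if c in role_granted]
    if keep == current:
        return None  # nothing directly assigned, so no API call is needed
    patch = [{"op": "replace", "path": "/capabilities", "value": keep}]
    return urllib.request.Request(
        f"{api}/v3/auth-users/{event['identity']['id']}",
        data=json.dumps(patch).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json-patch+json"},
    )


if __name__ == "__main__":
    req = build_revocation(API, "TOKEN_PLACEHOLDER", SAMPLE_EVENT, SAMPLE_AUTH_USER)
    print(req.get_method(), req.full_url, req.data.decode())
    # To send it against a real tenant: urllib.request.urlopen(req)
```

Logging each request body alongside the identity id gives an audit trail of which levels were removed and when.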

You can use the SaaS Loopback Connector to manage User-Levels as Entitlements.
IdentityNow Management Connector - CoLab / SaaS Connectors - SailPoint Developer Community
Below is also a post explaining how to configure the web service for management.
Assign ISC Capabilities with Requestable Entitlements/Roles - Identity Security Cloud (ISC) / ISC Community Knowledge Base - SailPoint Developer Community
