Hello everybody,
Hope my fellow developers, you are having productive day!!!
I have a question. Is there any way we can define the role assignment in sequence. Let me give you an example. User “John Doe” is a new hire, should be assigned Role1, Role2 and Role3. Since he is a new hire, a new account should automatically be created in target source. So, to make it simple to understand, in our case, we need to first create an account in Source2(from Role2), and then use the credentials from Role2 to create an account in Source3(Role3). So, I need to assign the roles step by step, sequentially. Is it possible? Currently, everything is being assigned simultaneously.
Thanks
Make the assignment criteria for Role3 include some attribute of the account created in Role2. For example if Source2 is Active Directory, then something like UserPrincipalName contains @ or if it’s another system, then you’ll have to come up with some other criteria for that system.
4 Likes
That is exactly the route we used.
One thing to be wary of though, is using that method for Entra ID role provisioning. If you are using AD Connect to create the Entra acccount, then that method relies on a scheduled account aggregation to bring in the Entra account. Therefore the roles may not get provisioned immediately.
Phil
1 Like