Role Based Access checks and balances

Team,

Quick question about roles. If an Entitlement was added to an Identity on the Target System manually, and that Entitlement was part of a Role in IDN, and the Identity that was added manually does not meet the role criteria, does IDN have the ability to identify this and remove the Entitlement that was added manually from the Target System?

Maybe something you can pull using search. If not, then try exploring the native change detection to detect changes outside of IGA. Here is the link to get you started:

Outstanding! Thanks Sunny!

With roles, IDN will not deprovision an entitlement if it didn’t provision it. At least that’s been my experience.

Hi Mark, I agree - but it looks like they have the below on the roadmap, so perhaps we will have the ability to execute soon.

What’s Next on the Roadmap?

Admins will gain advanced configuration options in the Native Change Detection UI. Additionally, Admins will be able to get started fast using Workflow templates to:

  • Send a notification email when native changes occur.
  • Auto-revoke entitlements added through native change.
  • Micro-certify entitlements added through native change.

Workflow Starter Template for Auto-Revokes

Here’s how we recommend auto-revoking entitlements added through native change. You could upload this file under New Workflow > Start with a JSON File. Soon, you’ll see this added under New Workflow > Start with a Template.

native-change-detection-template.json (5.5 KB)

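An added example, not part of the thread and not SailPoint code: the reconciliation check the question describes, comparing what the target system reports against what role membership and approved requests justify. All identity, role and entitlement names are constructed, and the data structures are assumptions rather than IDN's API.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical names): role -> entitlements it grants.
ROLE_ENTITLEMENTS = {
    "Finance Analyst": {"AD:FIN-Reports", "AD:FIN-Ledger-RO"},
    "HR Partner": {"AD:HR-Cases"},
}
# Constructed: roles each identity currently qualifies for under the role criteria.
ROLE_MEMBERSHIP = {"alice": {"Finance Analyst"}, "bob": set()}
# Constructed: entitlements granted directly through an approved access request.
APPROVED_REQUESTS = {"bob": {"AD:HR-Cases"}}
# Constructed aggregation snapshot: what the target system actually reports.
ACCOUNT_ENTITLEMENTS = {
    "alice": {"AD:FIN-Reports", "AD:FIN-Ledger-RO"},
    "bob": {"AD:FIN-Ledger-RO", "AD:HR-Cases"},
}

@dataclass(frozen=True)
class Finding:
    identity: str
    entitlement: str
    governing_roles: tuple  # roles that contain the entitlement

def find_out_of_band(accounts, role_entitlements, membership, approved):
    """Return role-governed entitlements held on the target system that neither
    the identity's role membership nor an approved request accounts for."""
    findings = []
    for identity, held in sorted(accounts.items()):
        # Everything governance can justify: direct approvals plus role grants.
        justified = set(approved.get(identity, set()))
        for role in membership.get(identity, set()):
            justified |= role_entitlements.get(role, set())
        for ent in sorted(held - justified):
            governing = tuple(sorted(
                r for r, ents in role_entitlements.items() if ent in ents))
            if governing:  # only entitlements that belong to some role are in scope
                findings.append(Finding(identity, ent, governing))
    return findings

if __name__ == "__main__":
    for f in find_out_of_band(ACCOUNT_ENTITLEMENTS, ROLE_ENTITLEMENTS,
                              ROLE_MEMBERSHIP, APPROVED_REQUESTS):
        print(f"{f.identity}: {f.entitlement} held without role {f.governing_roles}")
```

Each finding is a candidate for the notify, revoke or micro-certify handling listed in the roadmap quote above.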

Hi Marvin. Did any of these replies solve your question? If so, can you please mark the reply that was the solution? Thank you!

Hi Colin,

You bet. QQ - any idea when the below will be a feature in our tenant?

What’s Next on the Roadmap?

Admins will gain advanced configuration options in the Native Change Detection UI. Additionally, Admins will be able to get started fast using Workflow templates to:

  • Send a notification email when native changes occur.
  • Auto-revoke entitlements added through native change.
  • Micro-certify entitlements added through native change.

The announcement says that it should be enabled in your sandbox tenant, but I don’t know what the schedule for production rollout is. If you want to know specifically when your production tenant will be enabled for native change detection you can reply to the announcement and ask @kirby_fitch.

Thanks Colin, will do.