Role owner update

sureshkumar_v · August 10, 2021, 1:05pm

We have requirement to update role owner to manager identity when role owner leave. What would be the best way to do this in IDN ?. Please share your thoughts.

omar_khote_iam · August 10, 2021, 10:16pm

Hi @sureshkumar_v welcome to the Developer portal and thank you for your query!

The simplest, would be to make use of saved searches via the Search feature, of which saved searcges can be scheduled to run at a regular cadence and thereafter ad-hoc manual process to clean these sources or roles up. See here some useful guides on how to do this:

An example search query, such as, show me all identities whom are source owners and those whom have an inactive lifecycle state:

attributes.cloudLifecycleState:inactive

owns.source.name"Active Directory"

Or perform a wildcard search on owners and do a comparison

owns.sources.name:*

There are likely much more search queries that can be crafted and explored here!

At this moment in time this process its not possible to dynamically automate this process in IdentityNow. Another recommended option is to submit a feature i.e. enhancement request via our ideas portal. This may be an ideal enhancement to wait for the capability to exist in the IdentityNow roadmap, rather than implementing a custom external script to manage this(although this is also a viable option and possible in this scenario if required, it is quite complex to manage and create/maintain, the initial suggestion I’ve provided would therefore be the ‘best’ solution in this case).

Please do create an idea in our ideas portal, which would be great feedback, the more ideas we have captured, will enable us to highlight these pain points in the product , which will be addressed by our product management team. The more we have of these ideas and higher the votes, the greater the likelihood we can see these features available in IdentityNow out of the box in the future (you may find it’s already highly voted for, or there are different ideas, so simply voting would be useful):

Some example related ideas:
https://ideas.sailpoint.com/ideas/GOV-I-760

Kind Regards,

Omar Khote, CISSP

sureshkumar_v · August 13, 2021, 1:02pm

@omar_khote_iam - Thank you for your response. I have submitted the idea for this change.
https://ideas.sailpoint.com/ideas/GOV-I-1334

Topic		Replies	Views
Ownership Transfer For Objects ISC Discussion and Questions identity-security-cloud	6	447	February 12, 2024
PUT /api/scheduled-searches/:id ISC Discussion and Questions apis	1	254	July 19, 2023
AD Entitlement Owner Update ISC Discussion and Questions aggregation , identity-security-cloud	4	109	April 23, 2024
Owners of HR app and Active Directory ISC Discussion and Questions identity-security-cloud	5	125	December 15, 2023
Manager inactivating identity ISC Discussion and Questions	8	354	July 19, 2023

Role owner update

Related Topics