Role revoke VS account entitlements

Hello All,

I’m looking for a spark that will help me with the following task: our customer wants to know if it’s possible to implement the following mechanism in ISC: when an identity hits the ‘inactive’ life cycle state, the role is revoked but the entitlements (on AD in particular) must remain untouched.

In a normal situation the entitlements will obviously be revoked (as they were assigned via the role). Now, workflows might come in handy, but I can’t really put my finger on how it can work.

Any ideas are highly appreciated. Many thanks in advance.

I can only think of modifying the provisioning plan by removing the entitlements from the plan; this can be done via a Before Provisioning rule.

Hi @radoslaw_klimkowski ,

You can write a before provisioning plan. In the plan you will have a list of all access during the revocation for action, so you can remove the roles from the plan and keep the rest as it is. It will work without any issues.

FYR, find the attached link for a B/F sample snippet: Before Provisioning Rule | SailPoint Developer Community

IHTH :slightly_smiling_face:
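
A sketch of the Before Provisioning Rule approach suggested in the replies, added here as an example; it is not code from the thread or from SailPoint. It is a BeanShell rule body that relies on the `plan` input the platform passes to the rule, and it assumes the lifecycle state's technical name is `inactive`, that the state is readable from the `cloudLifecycleState` identity attribute, and that AD group membership is carried in `memberOf`.

```java
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// Assumed names (not from the thread): adjust to the tenant's configuration.
String INACTIVE_STATE = "inactive";   // technical name of the lifecycle state
String GROUP_ATTRIBUTE = "memberOf";  // AD entitlement attribute

// 'plan' is supplied by the platform to the Before Provisioning Rule.
Identity identity = plan.getIdentity();
String state = (identity != null)
        ? (String) identity.getAttribute("cloudLifecycleState") : null;

if (INACTIVE_STATE.equals(state) && plan.getAccountRequests() != null) {
    List keptAccounts = new ArrayList();
    for (AccountRequest acct : plan.getAccountRequests()) {
        List attrs = acct.getAttributeRequests();
        // Only Modify requests carry group removals; pass everything else through.
        if (attrs == null
                || !AccountRequest.Operation.Modify.equals(acct.getOperation())) {
            keptAccounts.add(acct);
            continue;
        }
        List keptAttrs = new ArrayList();
        for (AttributeRequest attr : attrs) {
            boolean groupRemoval =
                    GROUP_ATTRIBUTE.equalsIgnoreCase(attr.getName())
                    && ProvisioningPlan.Operation.Remove.equals(attr.getOperation());
            // Drop only the group removals; keep every other attribute change.
            if (!groupRemoval) {
                keptAttrs.add(attr);
            }
        }
        acct.setAttributeRequests(keptAttrs);
        // A Modify request with nothing left to change is not sent to AD.
        if (!keptAttrs.isEmpty()) {
            keptAccounts.add(acct);
        }
    }
    plan.setAccountRequests(keptAccounts);
}
```

The rule is attached to the AD source, so the role revocation itself still happens in ISC while the group removals never reach the directory. Group removals requested for identities in any other lifecycle state pass through unchanged.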