In ISC, we are sending a dummy entitlement for delimited source which is sitting in entitlement Catalog. This dummy entitlement is added to a role.
Upon raising access requests for the cited role, we are able to trigger a ticket based on which application team is creating an account for end users.
However, if the user is coming as disabled from delimited file, we are removing the dummy entitlement using the BuildMap rule.
Upon removal of the dummy entitlement, we see that the identity is holding the role but the corresponding dummy entitlement is not there.
Even after identity refresh, we dont see the dummy entitlement getting added which is not expected as per the definition.
The major issue is we want the consistency b/w the roles and entitlements being holded by the identities.
Await your replies.
Hi @kartheek_gopu ,
We can see that it is a delimited application, and a ticking system is in place. Roles are defined for access requests.
When you remove entitlements from a user using the buildmap rule, ISC will try to create a ticket again because roles are attached to the user but entitlements are not at that point in time.
To handle this scenario, you could use a workflow to detect terminated users and remove their roles. When a role removal request is made, it will generate a ticket to remove the role. Once the task is completed in the ticketing system, after aggregation, the role should no longer be associated with that identity.
Only auto assigned membership roles will keep your entitlement. I do not understand exactly your objective, but can you try removing role instead of entitlement?
We are getting the accounts for our delimited source from CSV file.
If the account status of a user in CSV file is disabled, we are disabling the account and removing the dummy entitlement using buildmap rule.
Once the dummy entitlement is removed, we want the corresponding role also to be removed.
Our ultimate objective is if the user status is coming as disabled from csv file, we want to disable the corresponding account, remove the entitlement and role pertaining to that source from the users account.
As we are getting accounts status from CSV file, we are using buildmap rule to remove the entitlement/s pertaining to that source. Is there any way where we can remove the role based on the status of account coming from CSV file?