SailPoint ISC Mover Use Case – Department Attribute Change Triggering Salesforce Role Revocation via Approval Workflow

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hello Developers,

Hope you are doing good!

Mover: If a worker’s “Department” or “Job Title” is updated in Oracle HCM, this will be considered a mover use case. The following actions will be performed by SailPoint:

  • Existing Salesforce Business Roles Access: SailPoint will execute a workflow to create a revoke access request for each Salesforce business role. After the predefined approval flow, SailPoint will either revoke or retain the Salesforce business role/access based on the approver’s decision.

    Please find the above mover scenario and attached workflow JSON. Based on testing, the workflow is working as expected. Could you please confirm if this design is correct for handling Department-based mover use cases in SailPoint ISC?

    DeptChangeSalesforceAccessRevocationWorking20260619
    DeptChangeSalesforceAccessRevocationWorking20260619858×1160 35.2 KB

    DeptChangeSalesforceAccessRevocationWorking20260619.json (4.6 KB)

2

Hi Sahaik,

I would have recommend a RBAC approach, but as you mentioned it is going to be a Approval flow involved. I believe this should be good.

3

Hi @Shukur,

I would recommend to use RBAC approach if possible, else this also looks good.

4

Hello @luckyn

Thanks for your updated.

5

hello @UjjwalJain

Thanks for your update.