SAP-Concur leaver process requirement

Hi All,

We have integrated the SAP-Concur application. Below is the use case.

  1. We need to implement the leaver process: when the user's LCS=terminated, his Concur account should be disabled and all his permissions should be removed.

How can we achieve this use case? What type of rule should be deployed?

Please pour in suggestions.
Nandini

Hi @nandiniks ,

We have many ways. But I suggest these two ways.

The first way is,

I believe you can utilise workflows in this scenario. Design the workflow as follows: when the user enters a specific LCS state that denotes their departure (using an Identity Attribute Change trigger), retrieve all of their roles, entitlements, and access profiles. Then, using loops, remove their access and use the “Get and Manage Accounts” action to disable the user.

The second way is,

  1. Go to the Provisioning tab in the Identity Profile and create an LCS state, in which you can configure this.
  2. Select the state → Configure Changes → Disable Account → Select the account → select the identity state → save.
  3. Enable the state.
  4. Go to workflows,
    Identity Attribute Changed trigger →
    $.changes[?(@.attribute == "cloudLifecycleState" && @.newValue == "terminated")]
  5. Using “Get Access” → get all his roles, entitlements and access profiles.
  6. Using “Manage Access” → remove all his access
  7. End
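
The following Python check is an added example, not part of the replies in this thread and not SailPoint or Concur code. It mirrors the step 4 trigger filter on a constructed event, then audits constructed identity records for terminated users whose Concur account is still enabled or still holds access; every field name other than `changes`, `attribute` and `newValue` is an assumption.

```python
# Added example: constructed data; field names other than "changes",
# "attribute" and "newValue" are assumptions, not a SailPoint/Concur schema.
TERMINATED = "terminated"

def matches_leaver_trigger(event):
    """Mirror the step 4 filter: a change sets cloudLifecycleState to terminated."""
    return any(
        c.get("attribute") == "cloudLifecycleState"
        and c.get("newValue") == TERMINATED
        for c in event.get("changes", [])
    )

def audit_leavers(identities, source="SAP Concur"):
    """List terminated identities still enabled or still holding access on source."""
    findings = []
    for ident in identities:
        if ident["lifecycleState"] != TERMINATED:
            continue  # only leavers are in scope
        for acct in ident["accounts"]:
            if acct["source"] != source:
                continue
            if not acct["disabled"]:
                findings.append((ident["name"], "account still enabled"))
            if acct["entitlements"]:
                left = ", ".join(sorted(acct["entitlements"]))
                findings.append((ident["name"], "access remaining: " + left))
    return findings

# Constructed event: two attribute changes, one of them the leaver transition.
SAMPLE_EVENT = {"changes": [
    {"attribute": "department", "oldValue": "Sales", "newValue": "Finance"},
    {"attribute": "cloudLifecycleState", "oldValue": "active",
     "newValue": "terminated"},
]}
# Constructed identities: a.leaver is disabled but keeps access.
SAMPLE_IDENTITIES = [
    {"name": "a.leaver", "lifecycleState": "terminated", "accounts": [
        {"source": "SAP Concur", "disabled": True,
         "entitlements": ["Expense User", "Expense Approver"]}]},
    {"name": "b.leaver", "lifecycleState": "terminated", "accounts": [
        {"source": "SAP Concur", "disabled": True, "entitlements": []}]},
    {"name": "c.active", "lifecycleState": "active", "accounts": [
        {"source": "SAP Concur", "disabled": False,
         "entitlements": ["Expense User"]}]},
]

if __name__ == "__main__":
    print(matches_leaver_trigger(SAMPLE_EVENT), audit_leavers(SAMPLE_IDENTITIES))
```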

Hi Gokul,
Thank you so much. I added the source in the mappings of the identity profile-workday; the account disablement worked straight away, however, the permissions/roles are not removed.
How would we achieve the role removal when workflows are not enabled in IdentityNow?

Hi @nandiniks,
Set the LCS=terminated to disable the Concur account (under the provisioning tab), and make all of the entitlements RBAC to the active state.
That will achieve what you are looking for.

Hi Phil,
Thank you for your reply. I request more details on “make all of the entitlements RBAC to the active state”.
This will help us achieve what is required.

Hi @nandiniks,

Assuming that the permissions are bundled under entitlements, create a Concur role and set the first criteria to the following. This will ensure that only active assignments get the permissions:

Thank you Phil, but do we have any way to implement a rule or something? We do not follow the RBAC model currently.

If you want to create a rule rather than a role, this guide will help you:
Web Services After Operation Rule | SailPoint Developer Community
