Seeking approch for application account attribute change

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Hi Team,

We have a requirement to manage an AD entitlement based on the value of a specific source application attribute named “sneedsdeel.” If this attribute contains either “mcm” or “deel,” the corresponding AD entitlement should be assigned. Otherwise, the entitlement should be removed. Additionally, any future changes to this attribute must be detected so that the entitlement is updated accordingly. Please suggest the best approach to implement this.. this is not a identity attribute..Native change detection detect for every update whether mcm or deel.

2

Hi @sureshbommareddy98

You can use below configuration:

  1. Create an identity attribute.
  2. Map it with this AD application attribute as source mapping.
  3. Create a Lifecycle event on attribute change.
  4. Trigger a workflow whenever the value changes.
  5. In this custom workflow, write a logic to check the previous value and new value. Create a provisioning plan accordingly and process it.

Thanks

3

Another approach would be to enable the Native Change Detection, and create a NCD event.

Trigger a workflow in this case and add your logic what you want to achieve.

4

Thanks for the information
1.How can we validate previous identity and new identity. this is a application account attribute not identity attribute in LCM event.

  1. NCD it will detect each update respective to that attribute but if user had “MCM” value previous then he changed to “deel” we don’t want to detect the NCD bcz we are assigning the same entitlement in both cases except these the two values we should remove the access

    I hope you got the full picture now

5

From the event object, you can get all the details.

6

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.