Service standard IdentityNow Before Provisioning Rule

chandramohan27 · April 14, 2025, 3:51pm

Hi,

I’m using “Service standard IdentityNow Before Provisioning Rule” to remove entitlements when LCS is terminated. But I don’t see the entitlements getting removed. Any suggestions would really help!

‘’‘[
{
“op”: “replace”,
“path”: “/connectorAttributes/cloudServicesIDNSetup”,
“value”: {
“eventConfigurations”: [
{
“eventActions”: [
{
“Action”: “RemoveEntitlements”,
“Attribute”: “RESPONSIBILITIES”,
“Value”: null
}
],
“Identity Attribute Triggers”: [
{
“Attribute”: “cloudLifecycleState”,
“Value”: “terminated”,
“Operation”: “eq”
}
],
“Operation”: “Disable”
}
]
}
}
]’‘’

vishal_kejriwal1 · April 14, 2025, 3:58pm

This value need to be terminated despite of active

vishal_kejriwal1 · April 14, 2025, 3:58pm

Also hope you have added this source in disable source for the terminated LCS

chandramohan27 · April 14, 2025, 4:00pm

@vishal_kejriwal1 sorry My bad, I’m actually using ‘terminated’ here. Updated the above post..

chandramohan27 · April 14, 2025, 4:04pm

@vishal_kejriwal1 Yes, Source is added there

vishal_kejriwal1 · April 14, 2025, 4:13pm

Can you try adding g below additional entry in action ?

{
“Action”: “RemoveStickyEntitlements”,
“Attribute”: “RESPONSIBILITIES”,
“Value”: null
}

chandramohan27 · April 14, 2025, 4:18pm

@vishal_kejriwal1

Yes, I tried updating the conditions. But still no luck.

    {
        "op": "replace",
        "path": "/connectorAttributes/cloudServicesIDNSetup",
        "value": {
            "eventConfigurations": [
                {
                    "eventActions": [
                        {
                            "Action": "RemoveEntitlements",
                            "Attribute": "RESPONSIBILITIES",
                            "Value": null
                        },
                        {
                            "Action": "RemoveStickyEntitlements",
                            "Attribute": "RESPONSIBILITIES",
                            "Value": null
                        }
                        
                    ],
                    "Identity Attribute Triggers": [
                        {
                            "Attribute": "cloudLifecycleState",
                            "Value": "terminated",
                            "Operation": "eq"
                        }
                    ],
                    "Operation": "Disable"
                }
            ]
        }
    }
]```

chandramohan27 · April 14, 2025, 5:02pm

It is now working with OPERATION set as “Modify”. But I see this is working only for LCS = terminated [Calculated from Transform]. But not when the LCS is manually set to “terminated”

vishal_kejriwal1 · April 14, 2025, 5:54pm

wired it should work.

chandramohan27 · April 14, 2025, 6:18pm

Can any one help me with the event configs if the rule works when the LCS changed manually as well.

Thanks,

chandramohan27 · April 14, 2025, 6:53pm

Disable account is fired before the LCS set is complete.. I think that could be the reason of remove entitlement didn’t work.

vishal_kejriwal1 · April 14, 2025, 8:18pm

No it disable will fire only once LCS changed to terminated .

srezzaki · April 14, 2025, 9:01pm

Check if the target source has the information about the rule in “beforeProvisioningRule” feature and also is the termination lifecycle state triggers a Disable account request on the target source ? if it’s not you should switch the operation to modify and also is this “Identity Attribute Triggers” triggers an action in the target source, is there any attribute synchronization or any configuration that launch a process on the source ?