We’re setting up a list of Access Policies and Roles for various birthright activities. currently just AD groups. The IdentityNow Bulk AccessProfile and Role Importer is working great for us.
One of the overriding requirements is for any user in a certain company(let’s say Oracle), shouldn’t get any groups. Company is an AD attribute.
Is there a better way to do that rather than just add a ‘company does not contain Oracle’ to every Rule?
Thanks,
Chris