Skip all roles for Company

chrisp · August 23, 2021, 11:26am

We’re setting up a list of Access Policies and Roles for various birthright activities. currently just AD groups. The IdentityNow Bulk AccessProfile and Role Importer is working great for us.
One of the overriding requirements is for any user in a certain company(let’s say Oracle), shouldn’t get any groups. Company is an AD attribute.
Is there a better way to do that rather than just add a ‘company does not contain Oracle’ to every Rule?

Thanks,
Chris

colin_mckibben · August 24, 2021, 3:39pm

I think your approach of adding the criteria “company does not contain Oracle” to every role is the correct way.

chrisp · August 24, 2021, 9:34pm

@colin_mckibben Thanks. That seems to be working. Just working through the 25+ roles, and making sure the And/Or combinations all work.

Chris

Topic		Replies	Views
Service Accounts and Roles in AD ISC Discussion and Questions	4	1948	July 19, 2023
How to remove birthright roles using Workflows ISC Discussion and Questions workflows	2	751	November 15, 2022
How to skip role membership evaluation for some identities? ISC Discussion and Questions	2	249	July 19, 2023
Adding entitlements directly to roles with the bulk role importer tool ISC Discussion and Questions apis , identity-security-cloud , roles , entitlements	3	148	April 16, 2024
Role not populating based on source entitlement ISC Discussion and Questions rules , entitlements	1	296	July 19, 2023

Skip all roles for Company

Related Topics