Hi all, we are currently facing the issue that the work groups we that were created within the last 5 years we are using IIQ have only inactive identities as members/ have an inactive owner/ have members which changed teams. How do you manage your workgroups? Do you have any tasks which are scanning workgroups and remove employees/owners if they are inactive? Do you remove people from workgroups via the mover process? Is there any way to manage Workgroups via Entitlements in IIQ?
Hi @marlinp,
You can try leveraging the AD groups for this. The members of the Workgrop will be assigned by the members in a specific AD group. A custom can be developed which can make sure that the users in the Group is updated with the Workgroup members. This will ensure that users removed from the group will be removed from the AD group. Hence the already configured leaver and mover process will take care of work group members. And this way workgroups can be managed as entitlements via AD groups.
Hi @marlinp , if you want remove inactive users from the workgroup, we can use simple rule to remove those members from the particular workgroup.
import sailpoint.api.SailPointContext;
import sailpoint.object.Identity;
Filter inactiveFilter=Filter.eq("Inactive","true");
QueryOptions qo = new QueryOptions();
qo.addFilter(inactiveFilter);
Iterator<Identity> idIter = context.search(Identity.class, qo);
Identity workgroup = context.getObjectByName(Identity.class, "Workgroup Name");
int count=0;
log.error("****Hello Start Removing***");
while(idIter.hasNext()) {
Identity id = idIter.next();
id.remove(workgroup);
context.saveObject(id);
count++;
log.error("Removed count"+count);
}
log.error("***Removed Succesdfully*****");
context.commitTransaction();
Couldn’t you also create an IIQ Application and use the loopback adapter, that way you can manage workgroups, capabilities similar to how you handle AD groups?
Thanks for the replies!
I am now using the loopback connector to handle the workgroups as capabilities (thanks @karena) - which allows me to manage them via our Business Roles and I adapted @bellamkonda_vb Code in order to scan for all the Workgroups wich only contain inactive members.
1 Like
In addition to this, certifying workgroups is a also a good idea as it leads to better complaince processes
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.