Update Lifecycle State on Revoke action of Non-Employee Review

Hey experts

Looking for some clever ideas to deal with this scenario:

I want to run a Non-Employee Account Review, i.e. are these non-employees still valid in the environment, or can we trigger the leaver process for them?
This is different from a normal access review in that we aren't reviewing every line item of access but rather whether the account is still needed.

Ideally, I want to run the review and on any revoke option, I want to update identity lifecycle to the corresponding Leaver LCS.

Setting up the review, I can choose any arbitrary entitlement to base the review on, but when the certification is signed off, I need to cycle through each revoke decision and update the identity's lifecycle state.

I was thinking of using a workflow to accomplish this but haven't quite mapped out whether this will be possible. Any suggestions or smarter solutions from any of you who have done something similar?

NB: Non-Employee source is same as Employees (SuccessFactors OOTB connector)

OK, I get what you are trying to do. As this is a custom solution, you can use Forms + Workflow to make this happen.

Like the way you were going to give the reviewer an option with an entitlement for each LCS, you can directly give the name with a detailed description and ask them to select whichever is necessary.
Ex: for an NELM identity, after 90 days you trigger this. A form will be sent with pre-populated data for verification purposes, let's say email, name, id, hire date, and title for the user.
Along with this you can give other options asking which LCS the user should be moved to. Once you get a decision from the manager, your other workflow will kick in, which will only trigger on form submitted. Here you can do the LCS movement of the user by not directly updating the LCS but rather modifying the NELM end/hire date or any other attribute that you are leveraging for LCS calculation (SailPoint has an OOTB API for NELM account update, the PATCH API).

This helps as this is not going to log a certification event due to Workflow execution and form being sent out.

Hope this helps…

1 Like
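
The form-submitted step described in the reply above, as an added example that is not part of the original posts or SailPoint's own code: it turns reviewer decisions into end-date PATCH requests without sending them. It assumes the NELM endpoint `PATCH /v3/non-employee-records/{id}` with a JSON Patch body; the form field names (`recordId`, `decision`, `reviewer`) and all sample data are hypothetical and constructed.

```python
from datetime import datetime, timezone

# Assumption: NELM record update endpoint, taking a JSON Patch array as body.
API_PATH = "/v3/non-employee-records/{record_id}"

def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp such as 2030-01-01T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def build_leaver_patches(submissions, records, now):
    """Map REVOKE decisions to end-date patches; returns (requests, skipped)."""
    requests, skipped, seen = [], [], set()
    for sub in submissions:
        rid = sub.get("recordId")
        if sub.get("decision") != "REVOKE" or rid in seen:
            continue  # only revokes change state; ignore duplicate submissions
        record = records.get(rid)
        if record is None:
            skipped.append((rid, "unknown record"))
        elif sub.get("reviewer") != record["manager"]:
            # Only the record's manager may trigger the leaver path.
            skipped.append((rid, "reviewer is not the record's manager"))
        elif parse_ts(record["endDate"]) <= now:
            # Never push an already-expired end date forward.
            skipped.append((rid, "end date already passed"))
        else:
            seen.add(rid)
            stamp = now.strftime("%Y-%m-%dT%H:%M:%SZ")
            requests.append({
                "method": "PATCH",
                "path": API_PATH.format(record_id=rid),
                "body": [{"op": "replace", "path": "/endDate", "value": stamp}],
            })
    return requests, skipped

# Constructed sample data (hypothetical ids and names).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
RECORDS = {
    "ne-001": {"manager": "mgr.a", "endDate": "2030-01-01T00:00:00Z"},
    "ne-002": {"manager": "mgr.b", "endDate": "2030-01-01T00:00:00Z"},
    "ne-003": {"manager": "mgr.a", "endDate": "2020-01-01T00:00:00Z"},
}
SUBMISSIONS = [
    {"recordId": "ne-001", "decision": "REVOKE", "reviewer": "mgr.a"},
    {"recordId": "ne-002", "decision": "REVOKE", "reviewer": "mgr.a"},
    {"recordId": "ne-003", "decision": "REVOKE", "reviewer": "mgr.a"},
    {"recordId": "ne-004", "decision": "REVOKE", "reviewer": "mgr.a"},
    {"recordId": "ne-002", "decision": "KEEP", "reviewer": "mgr.b"},
]
```

The lifecycle state itself is never written here; it changes only when the source's LCS calculation picks up the new end date.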
