Hi, I have one use case where I need your input. Here is the scenario - I have one web service connector which is working fine w.r.t. account aggregation, entitlement aggregation, and create account HTTP operations. I am creating an account using the request center - add user to access profile (which internally calls the web service and the create account HTTP operation).
Now I am looking for a solution where, if there is any new record in another service, which is a SQL DB service (Oracle JDBC service type), I need to initiate the same create account HTTP operation from the web service.
If I understand your problem correctly, you are looking to have an account created in a source (source A) if the identity has an account in another source (source B). I am also assuming both of these sources are non-authoritative. If any of this is incorrect, please let me know.
I can think of 2 quick options to achieve this using roles.
1. If access to source B is controlled through access requests, you can make a requestable role that provisions accounts/access to both sources by adding the corresponding entitlements/access profiles from each source.
2. If access to source B is not primarily controlled through access requests, you can use a role with assignment criteria to grant access for source A, if the user has an account in source B.
Here is an example for #2. Since the UPN attribute in AD is a field that will always contain an “@” in our environment, this role is checking for the criteria. In this case, since an AD account must have a UPN and it must contain an “@”, if this evaluates to true, that means the identity has an AD account and access can be provisioned to any source as needed.
Perhaps you can try this with an email field in source B, to then provision access to source A, or maybe source B accounts have some static field you can utilize.
Hi @zachm117, thanks for your response. Yes, right, both services are non-authoritative. I will go through the recommended solution and will update you if I have any queries.