Yes, with SOD, we will enforce users to submit a role removal request. Whenever they submit a role removal, entitlement removal occurs, and it attempts to execute the ‘Remove Entitlement’ operation.
For writing SOD, you can refer to this link. You may need to tweak it a bit to get the business role of your particular application.
Also, I apologize for missing your point. If your requirement is to remove an IT role and not a business role, making the entitlement attribute single-valued or using a before provisioning rule to remove the entitlement would suffice. Once you remove the entitlement, the IT role will be removed automatically after refreshing the identity with the option below.
