Share all details related to your problem, including any error messages you may have received.
Hi Team,
For ex : I have 2 application called App1 and App2 (both are web service connector)
I have a requirement in which i need to de-provision entitlements from both App1 and App2 when manager opt for revoking entitlement of App1 in target access review. I thought to implement it inside after provision rule but i don’t want to use provisioner api. Whats the best approach to handle this scenario.
Is it possible to handle it within any certifications workflow or sub process ?
Your approach of afterprovisioning Rule seems fine for me, just check the source as Certification and have your conditions.
Can I reason why you don’t want to go through provisioner API, if you are looking for audit purpose you can create Custom Audit events during the removal from API to track these removals of second App or Call LCM provisioning workflow using plan with removal details where you will have an identity Request ID, either of this can help you with the audit tracking for reason
No - IIQ Certification process is calling directly provisioner - there’s no LCM (or any other workflow) involved in this process.
The only way I can imagine solving this problem would be before provisioning rule where you can just add provisioning request to the second application if it’s needed.
When you say you don’t want to user provisioner api, what do you mean exactly? You can use LCM prov. workflow in case you want to create request for it for tracking.
Otherwise only option is after provisioning rule , but again you need to add specific condition based on source and then use provisioner API from one application to take action on another application .