Workday Account Connector: How can we Exclude Inactive entitlements?

We are working with the Workday Accounts Connector and are bringing in the Workday User-Based Security Groups to do certification on. What we saw was that it is pulling in User-Based Security Groups that are in an Inactive state in Workday.

We went back and reviewed the documentation, and it seems that this is the intended operations for this, based on the 3rd bullet in the note at the bottom of this page

We would like to exclude these from the Certification, but we are unable to since they are pulled in, and there is no way to determine in SailPoint if they are Active or Inactive. We could call them out specifically, but that becomes another list to maintain, so I was wondering if someone has a suggestion for a way we could get access to the “inactive” status of the role, or another way to exclude them?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.