Hello Experts,
We Integrated Workday Accounts with IDN and observed few Access Profiles are getting removed with first Aggregation after they get provisioned.
Most of the Access profiles removed by system are User based Security Groups, any solution to fix this issue or why this is happening.
Thanks,
Mahesh
Are the groups coming in as well? Or are they also falling off. Might want to perform a non-optimized aggregation on entitlements and accounts.
Hi Ben, aggregated without optimizations, still results are same.
I can clearly see in access history system removed access which we provisioned before aggregation.
So the groups are still coming in the aggregation or are they falling off as well? I think in general, SailPoint recommends that you do an entitlement aggregation before the account aggregation to ensure account-entitlement relationships are correct. Are you doing that as well?
Hi Ben,
Assigned Below Access to User
It Got Provisioned and as you suggested ran entitlement aggregation system didn’t removed access
later kicked off Account Aggregation with out optimization and it removed two entitlements
Yes we checked account and entitlement relationship they are correct
Hi @uppala,
Have you checked in your source system (Workday) to see if the entitlements are actually assigned to the user.?
The entitlement removal in IDN after an aggregation is often associated with a failed provisioning in the endpoint.
Hi Joseph,
Thanks for giving me new direction
Steps performed and outcome
Thanks,
Mahesh
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
