I need to create a workflow to add a user to the required Azure AD group (depending on which access profile is provisioned) once their access request is approved.
E.g. I have the below 5 requestable access profiles from different sources:
1: Access_Profile_1 from a non direct source
2: Access_Profile_2 from a non direct source
3: Access_Profile_3 from a direct source
4: Access_Profile_4 from a non direct source
5: Access_Profile_5 from a direct source
When a user's request is approved for one of the above 5 access profiles, the workflow should add this user to the respective Azure AD group below. These groups are listed as entitlements in the Azure AD source, but they are not the entitlements attached to the above access profiles.
Azure AD groups:
For Access_Profile_1: User should be added to this group (Test Azure AD Group1)
For Access_Profile_2: User should be added to this group (Test Azure AD Group2)
For Access_Profile_3: User should be added to this group (Test Azure AD Group3)
For Access_Profile_4: User should be added to this group (Test Azure AD Group4)
For Access_Profile_5: User should be added to this group (Test Azure AD Group5)
Can you please advise the steps on how to achieve this?
The trigger you will be using is "Access Request Decision", followed by a Compare Strings operator that checks whether the Access Profile name ($.trigger.requestedItemsStatus[*].name) is Access_Profile_1. If true, you will use create-access-request | SailPoint Developer Community to add the groups you mentioned to the user.
If Compare Strings gives you false, then you will compare whether the name of the Access Profile is Access_Profile_2; if that gives you true, you will again use create-access-request | SailPoint Developer Community and add Test Azure AD Group2.
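The compare-then-request chain described in the reply, sketched as an added Python example (not code from the thread or from SailPoint): it maps each approved access profile name to its Azure AD group entitlement and builds one create-access-request body, requesting nothing for denied or unmapped profiles. The trigger fields other than `requestedItemsStatus[*].name`, the request body shape, and the `<...>` ids are assumptions and placeholders to check against your tenant.

```python
# Added example. Entitlement ids are placeholders: look up the real ids of the
# group entitlements on the Azure AD source before using this mapping.
PROFILE_TO_GROUP = {
    "Access_Profile_1": ("Test Azure AD Group1", "<ENTITLEMENT_ID_GROUP1>"),
    "Access_Profile_2": ("Test Azure AD Group2", "<ENTITLEMENT_ID_GROUP2>"),
    "Access_Profile_3": ("Test Azure AD Group3", "<ENTITLEMENT_ID_GROUP3>"),
    "Access_Profile_4": ("Test Azure AD Group4", "<ENTITLEMENT_ID_GROUP4>"),
    "Access_Profile_5": ("Test Azure AD Group5", "<ENTITLEMENT_ID_GROUP5>"),
}

def approved_profile_names(trigger):
    """Names of requested items for which every approval step was APPROVED."""
    names = []
    for item in trigger.get("requestedItemsStatus", []):
        steps = item.get("approvalInfo", [])  # assumed field name
        if steps and all(s.get("approvalDecision") == "APPROVED" for s in steps):
            names.append(item.get("name"))
    return names

def build_group_request(trigger):
    """Build a create-access-request body, or None when no profile maps."""
    items = []
    for name in approved_profile_names(trigger):
        group = PROFILE_TO_GROUP.get(name)  # exact match, like Compare Strings
        if group is None:
            continue  # unmapped profile: fail closed, request nothing
        items.append({"type": "ENTITLEMENT", "id": group[1],
                      "comment": f"Added for approved {name} ({group[0]})"})
    if not items:
        return None
    return {"requestedFor": [trigger["requestedFor"]["id"]],
            "requestType": "GRANT_ACCESS", "requestedItems": items}

# Constructed sample trigger input (not captured from a real tenant).
SAMPLE_TRIGGER = {
    "requestedFor": {"id": "<IDENTITY_ID>", "name": "Test User"},
    "requestedItemsStatus": [
        {"name": "Access_Profile_2", "type": "ACCESS_PROFILE",
         "approvalInfo": [{"approvalDecision": "APPROVED"}]},
        {"name": "Access_Profile_3", "type": "ACCESS_PROFILE",
         "approvalInfo": [{"approvalDecision": "DENIED"}]},
        {"name": "Some_Other_Profile", "type": "ACCESS_PROFILE",
         "approvalInfo": [{"approvalDecision": "APPROVED"}]},
    ],
}

if __name__ == "__main__":
    print(build_group_request(SAMPLE_TRIGGER))
```
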