Workflow - Disable Account once Access Profile/Entitlement is removed

Needing some assistance with building a workflow to disable an account once an access profile or entitlement is removed from the user profile. Here is what I started building; any guidance will be appreciated!

Using trigger “Native Change Account Update”
Starting filter with: $.entitlementChanges.removed

Followed by Action “Get access” to select the identity, Action “Manage Accounts” to disable the account. - End Step.

@kevinkhiev

Steps look good (until tested), but you would need to add a step to identify the name of the source for which the native change was detected, as the workflow will run for all sources.

If a user has multiple entitlements on the source, then you need to verify that all entitlements have been removed before proceeding with the disable operation, which will require a loop operator.

Just a word of caution: it will become a challenge (no list operator is available in workflows) if the user has multiple entitlements on the source and the native change has not deleted/detected all of those entitlements, so ideally the disable operation shouldn’t be triggered.

Small correction in filter

$.entitlementChanges[?(@.attributeName==entitlement type of source)].removed

Thank you Anshu.

Maybe I’m entering the trigger filter wrong, I have tried these two below, but it doesn’t seem to trigger off:
Example:
$.entitlementChanges[?(@.attributeName=="Name of entitlement")].removed
and
$.entitlementChanges[?(@.id=="ID number")].removed

Within my other step I’m also using “Manage Accounts”, specifying which account I want disabled and the action “Disable Accounts”:

Example:
$.getAccounts.accounts[ 'AD - Account source -'].id

Kevin,

$.entitlementChanges[?(@.attributeName=="Type of entitlement")].removed

Type of entitlement → memberOf, group, role etc

Thanks
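
The guard logic discussed in this thread (match the source, match the entitlement type, and disable only when nothing is left), as an added Python sketch that is not part of the original posts and not SailPoint code. Only `entitlementChanges`, `attributeName` and `removed` come from the thread; the `sourceName` field, the shape of the `removed` values, the `held_before` input and all sample values are constructed assumptions for checking the decision logic offline.

```python
# Constructed sample event. Only entitlementChanges / attributeName / removed
# appear in the thread; sourceName and every value here are assumptions.
SAMPLE_EVENT = {
    "sourceName": "AD - Example Source",
    "entitlementChanges": [
        {"attributeName": "memberOf", "removed": ["CN=VPN-Users", "CN=Finance"]},
        {"attributeName": "role", "removed": ["Approver"]},
    ],
}


def removed_entitlements(event, entitlement_type):
    """Plain-Python equivalent of
    $.entitlementChanges[?(@.attributeName=="<type>")].removed, flattened."""
    removed = []
    for change in event.get("entitlementChanges") or []:
        if change.get("attributeName") == entitlement_type:
            removed.extend(change.get("removed") or [])
    return removed


def should_disable(event, source_name, entitlement_type, held_before):
    """Return True only when the disable action is justified.

    held_before (hypothetical input): entitlements of this type the account
    held before the change, e.g. taken from a prior account lookup.
    """
    # The trigger fires for every source, so reject events from other sources.
    if event.get("sourceName") != source_name:
        return False
    removed = set(removed_entitlements(event, entitlement_type))
    # No removal of the watched entitlement type: nothing to act on.
    if not removed:
        return False
    # Partial removal: the account still holds something, so keep it enabled.
    remaining = set(held_before) - removed
    return not remaining


if __name__ == "__main__":
    held = ["CN=VPN-Users", "CN=Finance"]
    print(should_disable(SAMPLE_EVENT, "AD - Example Source", "memberOf", held))
```
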