Workflow trigger on Entitlement or Access Profile

Hello,

I would like to have an IDN workflow so that when a user has Entitlement X (through an Access Profile being added, or from aggregation), the workflow will call an API to grant an IDN Permission (e.g. Role Admin).

Any ideas on what trigger I can use to achieve this?

I am looking for some way to manage IDN Roles/Permissions (e.g. Org Admin, Role Admin, etc.) without manually updating Permissions on the identity (like below).

[image]

Thank you

Hi Jason,

Did you have a look at the "Access Request Decision" trigger? It looks like you have the name of the requested access in the payload, so you can use it in a workflow.

Hi @colin_mckibben @olivier_detilleux

In the Requested Access, it displays only the Access Profile name, but how do we get the Entitlement name which is within the Access Profile? I tried using GET ACCESS by passing the search query as name:AccessProfileName and it returns only the access profile's name, id and type. However, I need the entire JSON object of the requested access profile so that I can retrieve the entitlement name from it.

Just an update on what I did to resolve my issue.

I created a WebServices / Loopback connector as per here: SailPoint IdentityNow - Introduction to loopback connectors (linkedin.com)

Then I created the Access Profiles for the IDN permissions (e.g. IDN Cert Admin, IDN Org Admin, Helpdesk, etc.).

That way, all is good now. Users can request or be assigned IDN Admin permissions via access profiles, and we can also run certifications on all IDN Admin users.
