Workgroup membership not removed - IdentiyIQ Loopback connector & Identity Refresh

Version 8.2
Hello Community,

The revoked identity keeps adding back to workgroup after Identity Refresh Job.
We have Identity IQ Loopback connector in place to request WG as entitlements and is tagged to IT role for provisioning and deprovisioning.
We have deprovisioned the access successfully but resurfaces next day.

Below is the setup we have
Day 1

1. IT Role with entitlement from LoopBack Connector > deprovisioned IT Role

Day 2 After Identity Refresh and Loopback connector Aggregations

1. The identity is part of entitlement and WG
2. IT role coming up as detected
3. WG is added back under Identity Loopback Connector

What are we missing here , how can we revoke the user form WG, IT Role, Entitlement and not resurface, this is just for one single identity and cannot use the Role configuration impacting large scale.

Thanks

Hi @shivakarasani199,

if the it role is detected means that IIQ doesnt remove the IT role from account on day 1.
Can you see the deprovisioning on day 1? and are you sure the entitlement is removed from account?

share the log\plan, if you can

Hello @codey apologies for the late response.

So we tried multiple ways to revoke everything , via debug page and batch requests and access requests everything is cleanup but somehow this gets added back in next refresh/aggregation of IdentityLoopBack Connector

Hi! To find out what I can do, say @codey display help.

@shivakarasani199 Can you check project result/admin console or share us the logs during the first attempt of IT role removal ?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.