and more in a single search tool across platforms. Read the announcement here. |
03/26/2023 12:26 AM
Hi Team,
We had a requirement that once user request a application after submitting it they the task will be generated. Once we run the provisioning job the task gets complete the application will be assigned to him. Here after we need to give him the AD access.
Once the application assigned to the user automatically the AD access need to be given.
I tried to use technical rule but its depand on user attribute side the rule will trigger
So how can we achive this issue, please let me know anyone is aware of this one
Thanks,
Ramana Muriki
03/26/2023 11:28 AM
Hello @Ramana
Ensure the action must be defined in the technical rule to create the account for the AD endpoint and assign the group. If this is not done, no tasks will be generated for the user.
Both the account creation and group addition actions should be kept, as shown in the screenshot below.
Ref: https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter05-Policies/Creating-Technic...
Thanks
03/26/2023 09:01 PM
You may want to use Entitlement Map. For the requested application entitlements, map the AD groups in the entitlement map. After approval, when the tasks are created for the requested application entitlement, the tasks for AD groups would also be created and provisioned.
If you want to explicitly create tasks for AD groups after the tasks for the request application entitlements are completed, then you may use actionable analytics which would trigger add access for the AD groups. In the SQL query in analytics, you would determine any requests which were completed and tasks completed, you can trigger AD groups provisioning for such records.
03/27/2023 05:17 AM
Hi Amit,
I mapped the AD group to all requested application.
I requested the application which is maped to AD group but still not able to see the ad task created
Thanks,
Ramana Muriki
03/28/2023 01:18 AM
Could you please share a screenshot of the Entitlement Map? Also, please make sure that the Request-Option for the AD Group entitlement type is set to something other than None (e.g., None(Create Task), Table, etc.)