and more in a single search tool across platforms. Read the announcement here. |
01/10/2024 01:06 AM
We have an application with two entitlement type - Role (Request Type - None) and Group (Request Type - Table). A user having account in the application will have entitlements belonging to both these entitlement types on their account.
During user termination, we want to create remove account task and remove access tasks for Group, and no remove access tasks for Role. How can this be implemented?
01/10/2024 03:48 AM
Hi @snauni ,
What I can think of as an alternative solution to solve this usecase is
1) In your connector, add a condition in remove access JSON saying If ENTTYPE is Group then YES else No.
2) When the rule is triggered your task might be generated for all the ENT types but while the prov job runs, it will validate the connector configurations and remove only your desired ent types.
Please do post if there is a better/direct solution for this.
01/10/2024 05:28 AM
Hi Pratith,
Thank you for the response, however, our use case is different. As in, we do not even want the remove access task to be generated for 'Role' entitlement type.
01/10/2024 07:58 PM
Under Entitlement Type - Create Task Action = No Action
01/10/2024 10:26 PM
The configuration is already like this for that entitlement type, Create Task Action = No Action. However, the remove access tasks are still getting created.
01/10/2024 10:29 PM
what about "
01/12/2024 04:07 AM
It is 'ON' for us, however, we see the same behavior for 'OFF' as well.
01/14/2024 07:25 PM
You can control in JSON not to perform action in target and complete only in saviynt by making dummy call