01/14/2024 07:14 PM
Hello,
We created a Technical Rule that references each user's department number and assigns them a role with the same name as the department number, and an Update Rule that re-runs this Technical Rule when the department number is changed.
With this, we want to assign a role with the same name as the department number when onboarding a user, and remove the old department role and assign the new department role when transferring.
(Technical Rule "Remove Birthright Access if condition fails" is enabled.)
Using the CSV file, we tried to change the department number of a user who has already been granted a role and replace it with the new role.
However, the tasks for the new role and its Entitlement were created, but the Remove Access task for the old role was not.
If it is an Entitlement and not a role, the Entitlement could be replaced by "Remove Birthright Access if condition fails", but not a role?
If so, do I need to change any settings?
01/14/2024 07:18 PM - edited 01/14/2024 07:20 PM
You can use the Deprovision Role action in the rule.
01/14/2024 07:59 PM
Thank you for your answer.
I only want to remove the old department number role this time.
This is tied to Azure AD Entitlement.
And there are other roles tied to Azure AD Entitlement besides the department number role.
I would expect that a Deprovision Role would also deprive you of those roles.
Also, the User Update Rule cannot use variables, so it would be difficult to identify by role name. (There are nearly 900 department numbers.)
01/14/2024 08:01 PM
You can explore