We want to set the expiry date of user accesses/entitlements. Is there any way we can achieve this. Also want to revoke the accesses/entitlements based on the expiry date. How to achieve this use case. Kindly suggest.
We want to set the expiry date of user accesses/entitlements. Is there any way we can achieve this. Also want to revoke the accesses/entitlements based on the expiry date. How to achieve this use case. Kindly suggest.
You can use future dated requests for that. By default, out of the box, when you request any access change (add or remove) you can set a Fulfilment Date and/or a Revocation Date.
So for example:
You can do the same thing in reviews if you enable the Maintain with Expiry option in the Review definitions.
Mostafa Helmy how would you set a standard value for the period for the Revocation Date or Fulfilment date? Could you set (enforce?) this through the request form?
Though you can set Fulfilment/Revocation dates on all explicit change requests generated by users through the UI, we do not have a way to set some sort of a global limit on those dates.
If you are using Custom Request Forms, you can set custom date fields that part of your Custom Request Form to be used as the Fulfilment/Revocation dates. Inside the form, you can use some sort of validation to control the period of those dates.
I believe you can accomplish this goal through the review process by leveraging Exceptional Access.
Search RSA Link for Exceptional Access.
For example.
RSA Identity - Rules and Violations