
JacobBice (Customer) asked a question.
We want to add a quarterly review over non-employees, not over their access but whether they should be active or terminated. To do this we want to add a rule that grants a local entitlement to all users in RSA, so the review can be over the local entitlement and we can set up a workflow that will terminate the user if that entitlement is revoked. We have local entitlements already being used through other rules, but the entitlements don't map to the users on their access page, so we can't review them. How can we set up an automated process so all users whose worker type attribute = Non-Employee will have a local entitlement? Suggestions are welcome if another method of reviewing terminated status for non-employees is available.
One approach is with roles.
Create a role with a membership condition - who should be part of the role. In your example, the non-employees, based on a specific attribute.
The system will automatically add the relevant users to this role.
During access review, reviewers will be able to remove this role, which will create a change request and as part of the change request you can orchestrate additional activities.
Another approach is to add the local entitlement explicitly to the relevant users.
The change request:
User's access:
Configuration of my local entitlement collector:
This can be a one-time activity. Going forward, you can configure a rule to add the local entitlement to all new non-employees:
I assume you don't have an authoritative source for storing and managing the non-employees' lifecycle (joiner/mover/leaver, etc.).
Consider managing the non-employees in RSA G&L.
You can create a form to manage a non-employee, assign an owner, due date, update status, request access, remove access, terminate, etc.
The information on these users can be stored under the AVCS DB schema.
It will allow you to apply similar processes to these identities while maintaining all audit trails and managing their lifecycle.