This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Identity Governance & Lifecycle Discussions

Discussions about RSA Identity Governance & Lifecycle.
AlanAbcarian1
Beginner
Beginner
‎2020-06-17 01:42 PM

IGL Roles and auto-assignment of entitlements

Hello, we have an interesting situation.  Right now, we have roles set up for all employees to gain access in our Oracle EBS suite as part of their birthright access when they join the company.  The entitlements in these roles are correctly being assigned automatically in Oracle.

 

We have also developed separate roles for our role-based provisioning initiative that has Oracle EBS entitlements in it, however we do not want these entitlements to be automatically assigned to the employees that fit the membership criteria.  Rather, we would like the newly developed roles to assign a manual task while still allowing the birthright entitlements for new employees to be automatically granted via the Oracle EBS Connector.

 

Is this easily possible?

Labels (1)
Labels
0 Likes
Reply
3 Replies
JamiePryer
Moderator Moderator
Moderator
‎2020-06-18 11:46 AM

i might be confused, however could you not:

 

1. have a role for the birthright access you need, which is auto applied as per the joiner process.

2. you have another role, which end users need to manually request access for?

 

so if you split it out into 2 separate roles, would that work?

0 Likes
Reply
D.S.9
Occasional Contributor Occasional Contributor
Occasional Contributor
‎2020-06-19 02:30 PM

It's possible but how easy is it to implement depends on how familiar you are with the workflows. 

 

Basically, you will need to create a decision tree inside the fulfillment workflow for Oracle EBS where you choose the path i.e. AFX[Automated fulfillment] or MF [Manual fulfillment] depending on how the CR was created or other criteria based on your use-case for decision node. 

Reply
AhmedNofal
Moderator Moderator
Moderator
In response to D.S.9
‎2020-07-17 11:01 PM

If you are asking about conditional provisioning of entitlements comming from the same directory/application with a valid and working AFX connector mapped to that directory/application where you want some entitlements to be provisioned via AFX while other to have a manual activity assigned, then I believe Dipendra's approach is the way to go. 

On a side note, are you able to divide the entitlements requiring manual fulfillment and move them to a "new" business source that will have the manual activities workflow set for fulfillment & won't have a connector bound to it?

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.