Article Number
000036752
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0
Issue
Change requests with user entitlement changes that require an account create change items against the account instead of against the user, as they did in previous versions. When a user has multiple accounts in a business source, Global Forms prompt for the appropriate account for each entitlement. The account only needs to be identified once at the business source level for each user in this situation.
As of version 7.1.0 P 01, change request behavior has been changed to enforce the paradigm of having all access be associated with an account when possible.
Release notes show:
User access requests for entitlement changes apply the following rules:
- User entitlement changes that require accounts are always account changes.
- User entitlement changes with no assigned accounts remain user changes.
- User entitlement changes with one assigned account are created as account changes.
- User entitlement changes with multiple assigned accounts prompt for account selection and are created as account changes.
How can global form account prompting behavior be modified?
Resolution
As of version 7.1.0 P 02, a new option for Multiple Account Resolution is provided in the global form definition (in the UI, go to Requests > Configuration > Request Forms). This modifies the behavior of the form to only prompt for a user's account once per Business Source. The default behavior is to prompt for each entitlement.
An additional change is provided in 7.1.0 P 03 which will further reduce account prompts if accounts are collected to a Directory and then just mapped to users by the application's account collector(s). In this case, when the Once per business source option is selected, the Business Source is the Directory and the form prompts only once, even though the accounts could be mapped to many applications.
Beware of making collector changes to take advantage of the Directory account collection. It can cause a one-time long-running Indirect Relationship Processing run.