Not sure if this is what you're looking for....Rules and roles would probably be a good way to go.
New Hires could be configured by a standalone joinerrule like this:
Here you can associate default entitlements across multiple applications in one place, for all users.
Optionally, you can configure roles, in order to create "birthright access" based on any number of criteria (e.g. location, title, etc.) and associate rules to automatically add/remove user as they meet membership definitions. I believe RSA IMG will create the MOVER rules (add/remove member and their entitlements as needed) automatically as part of the role creation. For example:
Leaver could be configured something like this:
Based on collections from HR, you can disable/delete account or just revoke access.
-----
Automation requires some work- such as AFX connector and account template... I've outlined some basic stuff below (mainly for joiner and mover).
You may also want to configure your applications to require an account for entitlements (as needed).
Create an account template for each application (this would include very basic account parameters). Go to Requests > Configuration > Account Templates tab and create an account template for any of your apps. For example, AD would require:
Configure AFX connector to create account and more (e.g. add/remove from group, add/remove entitlement, etc).
Within each application (Resources > Application) go to your Requests tab
Not sure if this is what you're looking for....Rules and roles would probably be a good way to go.
New Hires could be configured by a standalone joiner rule like this:
Here you can associate default entitlements across multiple applications in one place, for all users.
Optionally, you can configure roles, in order to create "birthright access" based on any number of criteria (e.g. location, title, etc.) and associate rules to automatically add/remove user as they meet membership definitions. I believe RSA IMG will create the MOVER rules (add/remove member and their entitlements as needed) automatically as part of the role creation. For example:
Leaver could be configured something like this:
Based on collections from HR, you can disable/delete account or just revoke access.
-----
Automation requires some work- such as AFX connector and account template... I've outlined some basic stuff below (mainly for joiner and mover).
You may also want to configure your applications to require an account for entitlements (as needed).
Out of the box, if you have templates, default workflows, connector bindings, and such, this all should work smoothly with your rules (and roles).
Was this what you were looking for?