Using the Account collector we import AD groups into RSA. After new groups are collected, we manually set the new groups to 'Available For Request'=No.
Can this be automated?
Within the collector or by some kind of rule.
Under application/directory configuration you have a Resource Profile tab.
There you can configure Exclude Entire Application From Add Access And Suggestions - if you want to exclude all authorizations from being requested.
Or use Individually Excluded Entitlements and explicitly state which authorizations shouldn't be available for request.
If you want to exclude only a subset of authorizations in the same application, as far as I know there is no out of the box configuration to collect them and mark them as 'Available For Request'=No.
Thank you for replying to my question.
I was familiar with your solution. Unfortunately we can't configure the Resource Profile to fit our needs and still would require manual actions to keep it up-to-date.
Consider the following:
Create a custom task which will be scheduled to run after the account collector. It will search for newly collected groups and a report will be sent to a designated person who will have to log in to the product and mark the new groups as not available to request.
Can you describe the business use case in more detail?