AnsweredAssumed Answered

Check to see entitlement still exists before sending manual fulfillment email

Question asked by Jason Shepard on Mar 22, 2018
Latest reply on Mar 27, 2018 by Boris Lekumovich

Like • Show 0 Likes0
Comment • 5

Hi all,

Looking for advice /best practice here.

We launch quarterly access reviews for some applications. Sometimes, before a supervisor gets around to do the review an employee has already left and access has been removed based on normal termination procedures. When the supervisor gets around and marks the users access to be revoked in the review we have it set to a manual fulfillment and it emails the help desk.

Right now, the help desk are getting emails to remove access for users that have already been removed, due to the delay in completing the review.

What is the best way to check that the access is still there before sending the remove email?

No one else has this question

Outcomes

Boris Lekumovich

Mar 23, 2018 7:46 AM

By using the refresh items functionality you can lower the occurrence of such cases.

You also have a refreshReview API which you can leverage (instead of performing a manual refresh).

For example, at night after collectors have ran, schedule an API request to refresh the review results.

Actions

Jason Shepard @ Boris Lekumovich on Mar 26, 2018 11:29 AM

Thanks,

I thought about this but wouldn't it bring new users into the review as well as removing the terminated ones? What do you think about and SQL Node and then a decision based on the results?

Actions

Boris Lekumovich

@ Jason Shepard on Mar 26, 2018 11:03 PM

Yes, new users will be added into the review.

Your suggested approach might work, but it really depends on how the fulfillment is done.

Actions

Jason Shepard Mar 27, 2018 2:35 PM

I was able to accomplish this, I think. So far testing is going well. I created 2 SQL Select Nodes and then a Decision based on a variable. to check if the account in the change request is already disabled and if true, it stops the workflow and the change request completes. If it is false, it continues and sends the fulfillment email.

Actions

Boris Lekumovich

@ Jason Shepard on Mar 27, 2018 8:04 PM

You should test a scenario where you revoke several accounts (disabled and enabled)

Actions

5 Replies

Boris Lekumovich Mar 23, 2018 7:46 AM
Mark Correct
Correct Answer
By using the refresh items functionality you can lower the occurrence of such cases.

You also have a refreshReview API which you can leverage (instead of performing a manual refresh).
For example, at night after collectors have ran, schedule an API request to refresh the review results.
Like • Show 0 Likes0
Actions
- Jason Shepard @ Boris Lekumovich on Mar 26, 2018 11:29 AM
  Mark Correct
  Correct Answer
  Thanks,
  
  I thought about this but wouldn't it bring new users into the review as well as removing the terminated ones? What do you think about and SQL Node and then a decision based on the results?
  Like • Show 0 Likes0
  Actions
  - Boris Lekumovich @ Jason Shepard on Mar 26, 2018 11:03 PM
    Mark Correct
    Correct Answer
    Yes, new users will be added into the review.
    Your suggested approach might work, but it really depends on how the fulfillment is done.
    Like • Show 0 Likes0
    Actions
Jason Shepard Mar 27, 2018 2:35 PM
Mark Correct
Correct Answer
I was able to accomplish this, I think. So far testing is going well. I created 2 SQL Select Nodes and then a Decision based on a variable. to check if the account in the change request is already disabled and if true, it stops the workflow and the change request completes. If it is false, it continues and sends the fulfillment email.
Like • Show 0 Likes0
Actions
- Boris Lekumovich @ Jason Shepard on Mar 27, 2018 8:04 PM
  Mark Correct
  Correct Answer
  You should test a scenario where you revoke several accounts (disabled and enabled)
  Like • Show 0 Likes0
  Actions

Check to see entitlement still exists before sending manual fulfillment email

Outcomes

Related Content

Recommended Content