• State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 93 subscribers
  • Views 4252 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Attestation of Application Roles in case of an event

saba.naaz
over 5 years ago

 HI Experts,

 

I need to implement an attestation use case where attestation can be triggered on an event. For.e.g. Whenever an entitlement is assigned to a user in a connected endpoint ( like AD) and upon Reconciliation , the entitlement is updated in OneIM, this should trigger an attestation case to the Manager asking to attest the newly assigned role.

Looking for your suggestions on how this can be implemented.

Is there any way we can detect the change in Data ( like what happens in case of SOD violation which gets detected whenever there is a change in data )  and trigger an attestation  case.

 

Thanks in Advance !

 

Saba

Parents
  • 0 over 5 years ago

    Thanks Markus,

    I started working on the suggested lines but i am not sure on what i should be choosing/supplying in my process step that can trigger attestation cases .

    I have created an attestation policy( along with procedure, workflow etc) to run attestation on AD group -user membership. I tested this working when triggering directly from manager tool.

    I have also created an a process chain on PostSync event for ADSAccountInADSGroup table and added a new process step but i am not sure on what to do in process step so that the attestation cases can be triggered using my attestation Policy.

     

    In addition, how would i identify if a record in ADSAccountInADSGroup is inserted by Synchronization user as all the records in this table seems to have inserted by QBM_DBQueueProcess

     

     

    Please suggest me the way forward.

    Thanks!

Reply
  • 0 over 5 years ago

    Thanks Markus,

    I started working on the suggested lines but i am not sure on what i should be choosing/supplying in my process step that can trigger attestation cases .

    I have created an attestation policy( along with procedure, workflow etc) to run attestation on AD group -user membership. I tested this working when triggering directly from manager tool.

    I have also created an a process chain on PostSync event for ADSAccountInADSGroup table and added a new process step but i am not sure on what to do in process step so that the attestation cases can be triggered using my attestation Policy.

     

    In addition, how would i identify if a record in ADSAccountInADSGroup is inserted by Synchronization user as all the records in this table seems to have inserted by QBM_DBQueueProcess

     

     

    Please suggest me the way forward.

    Thanks!

Children
No Data