Friday, March 23, 2018

One click access reviews - Manager

Dear All,

Welcome again!!!

I would like to describe our latest implementation of "One click access reviews". Please do not be scared by the name; this is a self-service option, an alternative to giving non-admins access to the certification pages.

The idea is to launch access reviews with minimal steps for selected criteria. It's a general use case: everyone usually launches Access Reviews on a department/location/company/section basis. We don't have an OOB process or option to launch manager access reviews for specific people.

Please follow the steps below to develop the process:

1. Configure an advanced certification as per your requirements and schedule the AR with a future date.
    - Exclusion rule
    - PreDelegation Rule
    - Reminders
2. Develop a form
3. Invoke the form from a workflow; we need a workflow here.
4. Next steps after form submission:
    - Create populations for the selected criteria.
    - Add the population to the cloned certification definition.
    - Trigger/Schedule the certification as per the form inputs.

Please add your comments if any help/code snippets are required.


Multiplexing of Active Directory Apps

Dear All,

Good day to everyone!!!

The business often says that a huge number of Active Directory applications need to be onboarded. In fact, we need to onboard apps for the same target application. This means that when access is requested for the first time for any new application, the process should not create a new AD account. It should add the requested access to the existing AD application.

Each application is supposed to fetch accounts of specific groups. We will need to implement a customization rule to filter out other groups. This list of groups needs to be configured in one place, either in the application or in a custom object.

All types of operations, such as Create, Modify, Disable and Delete, should be converted to Modify AD Account. We will need to implement this logic in a Before provisioning rule.

The remaining configurations are unique (they depend on whether it is a single-org or a regional solution).

Now, follow the steps below to onboard thousands of AD apps in minutes.

1. Prepare one AD application template.
2. Add a rule for all possible customizations, so that changes can be applied to all apps in one go. This is for future enhancements.
3. Implement a customization rule to fetch groups from the application/custom object.
4. Implement a before provisioning rule to convert the provisioning plan operation from create to modify.
5. Add provisioning policies in the application.

Step 2:
6. Create one CSV file in the format below:
     "App Name", "memberOf"
7. Develop a custom task to clone the application template and to set the consolidated "memberOf" values from the CSV file on the application/custom object.

Now the process is ready; here you go.
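
As an added illustration (not code from the original post, and written in Python rather than in the platform's rule language), the sketch below shows the consolidation in steps 6 and 7 and the group filter from step 3. The app names, group DNs and function names are constructed for the example.

```python
import csv
import io

# Constructed sample in the post's layout: "App Name", "memberOf".
# Group DNs contain commas, so the quoting (and the space after the
# delimiter) must be handled by a real CSV parser, not a split(",").
SAMPLE_CSV = '''"App Name", "memberOf"
"Payroll", "CN=Payroll-Users,OU=Groups,DC=example,DC=com"
"Payroll", "CN=Payroll-Admins,OU=Groups,DC=example,DC=com"
"Payroll", "cn=payroll-users,ou=groups,dc=example,dc=com"
"Travel", "CN=Travel-Users,OU=Groups,DC=example,DC=com"
"Travel", ""
'''


def consolidate_member_of(csv_text):
    """Return {app name: [group DNs]}, one consolidated list per app."""
    reader = csv.reader(io.StringIO(csv_text), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    if header != ["App Name", "memberOf"]:
        raise ValueError("unexpected header: %r" % (header,))
    apps = {}
    for line_no, row in enumerate(reader, start=2):
        if not row:
            continue  # skip blank lines
        if len(row) != 2 or not row[0].strip():
            raise ValueError("line %d: malformed row %r" % (line_no, row))
        name, dn = row[0].strip(), row[1].strip()
        dns = apps.setdefault(name, [])
        # AD matches DNs case-insensitively, so de-duplicate the same way.
        if dn and dn.lower() not in (d.lower() for d in dns):
            dns.append(dn)
    return apps


def filter_groups(account_groups, allowed_groups):
    """Keep only the groups configured for this app (hypothetical helper).

    An empty allow-list yields no groups, so a cloned app with a missing
    memberOf entry exposes nothing rather than every group in the domain.
    """
    allowed = {g.lower() for g in allowed_groups}
    return [g for g in account_groups if g.lower() in allowed]


if __name__ == "__main__":
    apps = consolidate_member_of(SAMPLE_CSV)
    account = ["CN=Payroll-Users,OU=Groups,DC=example,DC=com",
               "CN=Domain Admins,CN=Users,DC=example,DC=com"]
    print(apps)
    print(filter_groups(account, apps["Payroll"]))
```

Validating the header and row shape before cloning keeps a malformed file from silently producing apps with the wrong group scope.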