Hi,
Running Identity Governance 3.7.3 on SLES 15.4.
I am collecting Identities from Idm using 'eDirectory Identity Collector' and collecting Accounts and Permissions from Active Directory using AD Account Collector / AD Permission Collector
I have a number of business roles that are used to Add and Remove permissions in AD using the auto-grant & auto-revoke.
The problem i see with business roles detection is that it gets evaluated immediately after publishing Identities, without waiting for Application data to published. This results in fulfillment failures for all new users for whom identity is collected but account collection is still pending.
Is it possible to add a criteria in the business role membership so that it waits for the account before opening a fulfillment task.
We have a number of business roles with auto-grant and auto-revoke permissions so it's important for us to get this working. Any advice on how to troubleshoot this would be appreciated.