Is it possible to use IGA to create permissions like AD groups ?

As the subject says - Is there a way that I can use IGA to request the creation of new AD groups ? Currenlty the creation of new AD groups is outside of IGA, ideally it should be inside IGA so we have full audit trail.

  • 0  

    The fulfillers support a number of change request types.The AD fulfilled out of box only supports 5 of these:

    • Remove Permission Assignment
    • Remove account
    • Add permission to user
    • Give User Access to Application
    • Remove permission from account

    The other 8 are: 

    • Assign User to Account
    • Remove user from account
    • Modify Permission Assignment
    • Modify Account Assignment
    • Remove User Access to Application
    • Add technical role to user
    • Modify Account
    • Remove Technical Role Assignment

    And while I'm not sure what all of these are explicitly for, it doesn't look like any of them are for permission creation in a target app.

    Management of new groups might be something more suited for IDM at the moment.