We need a task that will:
- Check all Identities to see if a particular Business Role is assigned to it.
- If not, assign the Business Role to the Identity.
- Trigger provisioning of said role for the Identity.
- Configure an "Assignment Rule", incorporating logic relevent to your use case, inside the Business Role.
- Check the following options for the Identity Refresh task:
- Refresh assigned and detected roles
- Provision assigned roles
- If you wish to deprovision this role when the "Assignment Rule" logic no longer applies, you must make sure the following option inside the Identity Refresh task is unchecked:
- Disable deprovisioning of deassigned roles