Automatic role assignment using task

  • 7011025
  • 24-Mar-2011
  • 19-Oct-2012



We need a task that will:

  1. Check all Identities to see if a particular Business Role is assigned to it.
  2. If not, assign the Business Role to the Identity.
  3. Trigger provisioning of said role for the Identity.


  1. Configure an "Assignment Rule", incorporating logic relevent to your use case, inside the Business Role.
  2. Check the following options for the Identity Refresh task:
    • Refresh assigned and detected roles
    • Provision assigned roles
  3. If you wish to deprovision this role when the "Assignment Rule" logic no longer applies, you must make sure the following option inside the Identity Refresh task is unchecked:
    • Disable deprovisioning of deassigned roles