Access Profile Cleanup Notification - SailPoint Identity Services

Feedback Documentation Feedback SaaS Documentation Feedback
,
1
Access Profile Cleanup Notification The Access Profile Cleanup Notification email is sent to a user when their access profiles change due to deleted entitlements on the source. Name: Access Profile Cleanup Notification Subject: Deleted entitlements found in Access Profiles Body: Dear ${user.name}, Due to recent entitlement aggregation and system refresh activity, entitlement changes were detected on the source and have triggered changes relating to your access profiles in IdentityNow. #if($disabledAccessProfiles && $disabledAccessProfiles.size() > 0) The following access profiles now have no valid entitlements and have been disabled: #foreach ( $accessProfile in $disabledAccessProfiles ) $accessProfile #end #end #if($accessProfilesWithDeletedEntitlements && $accessProfilesWithDeletedEntitlements.size() > 0) The following access profiles contain deleted entitlements but still contain other valid entitlements and remain active: #foreach ( $accessProfile in ${accessProfilesWithDeletedEntitlements.keySet()} ) $accessProfile #foreach ( $entitlement in ${accessProfilesWithDeletedEntitlements.get($accessProfile)} ) $entitlement #end #end #end To make any changes to these access profiles in IdentityNow, please log in as an administrator at $identityNowUrl/ui/admin#admin:access:access-profiles . Thanks, The ${PRODUCT_NAME} Team Attributes None. All variable content is provided through global variables. Documentation Feedback
This is the companion discussion topic for the documentation at https://documentation.sailpoint.com/saas/help/common/emails/et_ap_entitlement_change.html
6

Is there an email template that can be used for roles in this way?

In ISC the option was added to add entitlements directly to roles.
This also means that, whenever an entitlement is removed from a source, this could impact roles.
We just had such a thing happen at a customer of ours and they were completely in the dark of this happening (and new joiners did not process correctly because of it).

I’m looking for the same email template but it being triggered when an entitlement deletion impacts roles instead of access profiles.

Kr
Stefan

7

We do plan on adding notification when an entitlement is removed from a role because the entitlement was deleted in the source and removed from ISC. However, it is not committed on the roadmap yet. I don’t believe there is an IDEA in the portal for this so adding an IDEA would be great as it helps to bump up the priority.