I’m not sure what is going on. I requested access for an entitlement and the access request is immediately cancelled. In the admin panel for access requests, when I click on the request, I can see only this:
How can I see further log details as to why the request was cancelled?
Also, why would this type of thing happen? I have requested this entitlement in the past with no issues.
Hey Vic,
Could you check, in Admin > Global > System Settings > System Feature, if the parameter “Access Request” and “Enable Entitlement Requests” has been activated ?
Yes, we have access requests enabled. The checkbox is kind of grayed-out, which looks a bit odd. Also, I see this in the top-right of that same window:
I’m not sure if I’ve noticed that before, but is that maybe connected? We have over 5000 identities.
Can you check for error details by navigating to Admin → Identity Management → Activities or search for type:provisioning on the Search page. Do you see any details related to your request?
I don’t see an errors with that search because it doesn’t appear that the request is even getting to the provisioning step.
As you can see, we use to get provisioning failures during out testing, but now the most recent requests all just go straight to a Cancelled state. They don’t even appear to attempt provisioning.
Hi Vic,
1.What type of connector entitlements you are trying to provision?
2.Is entitlements assigned to user via Access Profiles? or Already Assigned at Source Level?
3.Is there any SOD Policies Configured to those entitlements?
4. Double-check that the entitlement you’re requesting exists and is accessible.
5. Check authentication token is valid and not expired.
-Mahesh
Hi Vic,
It’s worth checking these few things.
Did you check whether the intended user already have this access? You can run this search query to see who has got the access. @access("ENTITLEMENT_NAME")
Is there a workflow setup that auto cancels this specific access request?
Was there any expiration date set when you were requesting this access?
In Source configuration did you enabled Configure Provisioning Operations in the Connector? and does service account have enough permissions on particular database roles to provision users?
And check your rule
Check CCG Logs for detailed logs (make sure you have logs enabled for connector)
-Mahesh
Well, I opened a ticket with SailPoint. The issue kept occurring. I then tried again this morning and the access request process worked as expected. I didn’t change anything as far as I know. How did it work, then break, then work again? Not sure. SailPoint support didn’t have any answers either.
