Access Requests - but AD groups can’t have more than 100 members

piyasa_d · January 28, 2026, 2:55pm

Background:
Access requests to AD groups is currently enabled and working.

I have been advised new AD groups have been created and should be requestable through ISC but these AD groups cannot allow any more than 250 users in them.

My Question:
Is it possible in ISC, to set a capacity limit to an AD group and fail or reject the request if the limit is reached?

Swegmann · January 28, 2026, 3:01pm

Hello,

I’m not sure this is possible within ISC directly but an idea would be to configure a workflow with PTA and query AD.

All access requests for the given entitlements would have to trigger this workflow.

You would then for each request query the AD to check if the group has <=250 members

If yes = provision

If no = cancel request.

Topic		Replies	Views
Access Requests - but AD groups can't have more than 100 members IIQ Discussion and Questions workflows , rules , identityiq , provisioning , access-requests , entitlements	3	96	April 20, 2025
Active Directory Single Group: Restrict multiple AD groups ISC Discussion and Questions identity-security-cloud , provisioning , entitlements	2	58	November 8, 2025
Limit entitlements selection in Access Request IIQ Discussion and Questions identityiq , access-requests	10	282	May 25, 2025
Limit of Governance Group creation in ISC ISC Discussion and Questions identity-security-cloud	3	76	June 29, 2025
Scheduled Trigger workflow error with search query "maximum of 25 entitlements or 10 recipients are allowed in entitlement request" ISC Discussion and Questions workflows , identity-security-cloud , entitlements	4	147	July 14, 2024

Access Requests - but AD groups can’t have more than 100 members

Related topics