I would like to understand the recommended approach for enabling access requests for 5,000+ Active Directory (AD) groups in SailPoint ISC, with a focus on creating a user-friendly and easily navigable experience for end users.
Requirements:
- Approximately 5,000+ AD groups need to be enabled for access requests.
- These groups should not be part of any birthright access; users should request them on demand.
I am considering categorizing these groups into around 15 logical buckets to simplify navigation. However, I would like guidance on how best to implement this categorization within SailPoint ISC.
One option I explored was grouping them under 15 different applications. However, since applications in ISC can only have access profiles assigned (and not direct entitlements), this would require creating an access profile for each entitlement, which I would prefer to avoid due to scalability concerns.
Could you please share your recommendations or best practices for handling this scenario in a scalable and user-friendly manner?
Thank you in advance for your guidance.