Addition/Extension of entitlement sunset date to the target applications

ksivakumar · October 24, 2025, 7:48am

Which IIQ version are you inquiring about?

8.3p5

Please share any images or screenshots, if relevant.

[Please insert images here, otherwise delete this section]

Please share any other relevant files that may be required (for example, logs).

[Please insert files here, otherwise delete this section]

Share all details about your problem, including any error messages you may have received.

One of the requirement we have is to send the sunset date of the entitlement request to the target system. We are able to achieve this in ADD Entitlement operation whereas during extensions, we are not able to send the new sunset date to the target as IIQ is not processing(By default, a sunset date change does not create a provisioning plan if done from manage access in IIQ.) it as update/extend to the target.

ksivakumar · October 24, 2025, 7:49am

This is part of Webservice integration

msingh900 · October 24, 2025, 2:49pm

You can add the sunset date in the plan while setting up ADD ENTITLEMENT operation in the before provisioning rule.

msingh900 · October 24, 2025, 2:50pm

If you need code to update the plan with the sunset date, let me know. I will share that.

ksivakumar · October 24, 2025, 3:38pm

Hi Manish,
For addition of entitlement with the requested sunset date, we are able to provision the entitlement to the Webservice application along with sunset date. This is working fine.

When an extension (future sunset date) of already assigned access is requested from Manage user access page, we couldn’t get the plan in the before provisioning rule to process the request to target

msingh900 · October 24, 2025, 3:46pm

Write a logger statement to print the plan XML in before provisioning rule and then raise a request through Manage User Access page.

Once the request is raised, checked the logs for the plan xml.

It should be showing up in before prov rule.

ksivakumar · October 28, 2025, 4:08pm

Hi Manish,
If an entitlement already exists for an identity, SailPoint does not generate a new provisioning policy - it simply cancels the request. So the plan will not reach the application before provisioning rule. Loggers are not getting printed.

system · December 27, 2025, 4:09pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Setting sunset date and provision entitlements through a standalone rule IIQ Discussion and Questions rules , identityiq , provisioning , entitlements	5	191	January 25, 2025
Sunrise and sunset for access request IIQ Discussion and Questions identityiq , access-requests	12	495	December 31, 2024
Adding Sunrise/Sunset Dates Programmatically to Specific Entitlements IIQ Discussion and Questions workflows , identityiq , provisioning , access-requests , entitlements	3	560	October 22, 2024
Sunrise/Sunset role assignment functionality via API calls from ServiceNow IIQ Discussion and Questions	8	2780	July 19, 2023
How to Pass Access Request Expiration Date to Add Entitlement in Web Services Connector ISC Community Knowledge Base webservice-connector , identity-security-cloud , provisioning	9	121	December 29, 2025

Addition/Extension of entitlement sunset date to the target applications

Which IIQ version are you inquiring about?

Please share any images or screenshots, if relevant.

Please share any other relevant files that may be required (for example, logs).

Share all details about your problem, including any error messages you may have received.

Related topics