Hi Community,
I’m looking for an API in SailPoint IdentityNow that can be used to programmatically assign an given Entitlement, Access Profile, or Role to an identity.
Can anyone please guide me on which API to use and share any sample payloads or documentation references?
Thanks in advance!
Hello @hkhandale
You can use the following API , if the access item is configured for approval it goes through the approval process .
Hope this helps!
Thanks
Sid
Hi @hkhandale
In case you need this, here’s the required request body of this API call.
{
"requestedFor": [
"Id of the Identity"
],
"requestType": "GRANT_ACCESS",
"requestedItems": [
{
"type": "ACCESS_PROFILE",
"id": "Id of the Access Profile,
"comment": "Requesting AP through API Call"
}
]
}
OR
For Entitlement the type would be;
"type": "ENTITLEMENT",
"id": "Id of the entitlement,
OR
For Role the type would be;
"type": "ROLE",
"id": "Id of the role,
Thanks @nhassan
I am getting success code 202 but as i checked identity the access profile is not assigned.
Below one is access profile configuration
@hkhandale
Please navigate to Request Centre > My Requests. There, you should find the request you submitted. It will provide details on why the access item has not been provisioned.
Hi @hkhandale
This should work as I’ve just tested it in the sandbox.
Is the access profile from a direct connection source e.g AD/AAD? If it’s from a flat file source e.g Jira Access Requests, then make sure user has active Jira account to be able to create a ticket for this access.
As @sidharth_tarlapally mentioned, look for any error when you navigate to Request Centre > My Requests .
Or, in the main search, type in "displayName" of the identity > in the recent account activity log, check the status whether or not it’s completed and look for any error to see the reason that why it’s failed.
Yes @nhassan , i am using AD access profile
Thanks Guys it is working now
