API to get roles, access profile and entitlement to users and remove it all from from identity

Amrit1897 · May 7, 2025, 9:21am

Can anyone please help me with API to get roles, access profile and entitlement assigned to users and remove them from from identity?

neeraj99 · May 7, 2025, 10:13am

Hi @amishra25

You can try the below api endpoint to remove the AP/Ent/Roles from the identity.

Hope this helps.

kanusha9 · May 7, 2025, 1:01pm

Hi,check the below APi’s

Amrit1897 · May 8, 2025, 12:16pm

It requires id of AP/Ent/Roles. Is there any API available to fetch id of AP/Ent/Roles assigned to an identity?

Amrit1897 · May 8, 2025, 12:18pm

I need API for AP/Ent/Roles assigned to an identity.
Then other API to remove it from identity.

ipobeidi · May 8, 2025, 12:21pm

There is, people these days are just spamming links and not actually help people.

If you want tog rab the ROles , AP and Entitlements of a identity , you need to use Search, with the following body :

{"indices":
["identities"],
"query":{
   
       "query":"id:6e2265a5000149068d8a9fef754ab657",
               
       },
       "includeNested":true
       
       }

The fiueld Included nested you bring you all the Access and APPs people have. you can them determine by the type capture it. and use to remove it.

Now you can also use Innerhit and get specific access with specific caracteristics. Ex:

{"indices":
["identities"],
"query":{
    
        "query":"id:6e2265a5000149068d8a9fef754ab657",
        "innerHit":{
            "type":"access",
            "query":"standalone:true AND source.name:\"AD SOURCE\""
        }
        
        },
        "includeNested":false,
        "queryResultFilter":{
            "includes":["access.id","access.source.name"]
        }
        }

Standalone means if the access comes from the source and is not attached to any AP or Roles.

To remove the access you can Use certifications or even access requests.

Have fun.

Amrit1897 · May 13, 2025, 2:02pm

Thanks @ipobeidi , I believe we don’t have any other v3/beta API apart from access requests( https://sailpoint.api.identitynow.com/beta/access-requests) to remove access. Can you please confirm?

ipobeidi · May 13, 2025, 3:55pm

IMO to remove would be better the Certification than the remove access. Because remove access doe snot solve the sticky entitlement issue.

suresh4iam · May 13, 2025, 4:25pm

If you can use Workflow, look at Workflow to remove ALL leavers' standing access which fulfil your requirement.

kanusha9 · June 18, 2025, 4:57pm

List Roles/Access Profiles/Entitlements Assigned to an Identity:

(https://sailpoint.api.identitynow.com/v3/identity-profiles)

2.Remove Role/Entitlement/Access Profile from an Identity:

POST /beta/access-requests