Please share any images or screenshots, if relevant.
[Please insert images here, otherwise delete this section]
Please share any other relevant files that may be required (for example, logs).
[Please insert files here, otherwise delete this section]
Share all details about your problem, including any error messages you may have received
Hello, need some guidance on how to remove a role after 90 days. I know about the sunset function to select a removal date when requesting a role through “Manage User Access”. But I want to automatically remove a business role that was provisioned using the match list criteria.
Hi @regilicha , If you don’t find anything OOTB , two quick Ideas -
Identity Refresh workflow - Probably you can customize the Identity Refresh Workflow . You will get the project there , which assigned the roles in “Finish Refresh“ Step for connected application , after that step , fetch the role details from plan and create a workflow , which will take input from that plan and schedule it after 90 days . After 90 days , it will automatically trigger and remove that role .
From Assignment Rule - If the criteria matches , you can schedule a workflow from there before returning true . After 90 days workflow will trigger and will remove that role .
Think from this perspective , we can brainstorm further on this.