We have encountered a issue with the access reviews for direct connector. During the certification process, we are facing an issue where managers are unable to revoke access effectively.
Specifically, when a user has only one entitlement, the system is not allowing us to revoke it. Despite the removal entitlement being marked as passed, the access still remains.
What kind of direct connector is this?
Are you able to see logs on the source side, of what it receives and what it sends back to IdentityNow?
Can you reproduce this in Postman?
It might be that the source doesn’t allow empty entitlements, or is expecting some mandatory values that are not being passed.
Hi @Ankitha09 , for the given scenario, it could be possible that the entitlement is assigned to user twice either via access profile or role. So when the leader attempts to revoke one, they are not allowed to do so because the same entitlement exists in other access profile or role.
Did you check whether the given entitlement is shared across access profiles or roles?
We are currently facing this issue for Zendesk and Sumologic direct connector.
I dont know the api call sailpoint is calling in the background in this case. If possible can u please help me with the CURL?
Hi @gauravsajwan1 , The user has only one entitlement and in the certifications the reviewer decided to revoke that access. That is not working. We are not using roles, so it is only via access profile.