Detect access granted via IDN access requests or outside?


I have a use case for which I need to identify if the access was granted via an IDN access requests or outside of the access request process, what’s the best way to find this?

Depending on the above, revoking the access can have options outside of IDN or not, due to the stickiness of entitlements. Refer below.

Once an entitlement has been assigned to an identity using access requests, it will be provisioned to the identity’s source account. If the entitlement is directly removed from the account on the source, it will be re-provisioned to the account at the next aggregation.

To remove an entitlement from an identity after it’s assigned through access requests, take one of the following actions:

** Revoke it in a certification campaign.*
** Delete the entitlement itself on the source.*
** Delete the source account the entitlement is assigned to. This will remove the access from the account, but will also delete the account itself and remove all access associated with it.*

Thank you,

You could try and use list-completed-approvals | SailPoint Developer Community. If you know the identity ID, then you can filter the completed approvals for that identity. Then, loop through the results to see if there is an entry for the access item you are concerned about, and if the state is APPROVED. If you do find a completed approval that meets those criteria, then the access was granted through access request.