Does IDN allow to making access profile non Requestable?

I do see an API but it is giving 400 Bad request.

Can you share the request body?

[
  {
    "op": "replace",
    "path": "/requestable",
    "value": false
  }
]

Hey @RAKGDS
Were you able to find the option at least from UI ? Looks like new RC has something that needs to be enabled from backend to rollout all features?
Also, were you able to find the requestable access profiles within new Request Center?
I am facing both the issues.

Response:
            "text": "Read only field \"requestable\" has a default value \"true\", it cannot be set or modified."

Thanks,
Antony

Have you tried with Content-type : application/json-patch+json in the header?

Hi Antony,

From UI we are able to make it non Requestable. But not using api

Yes Nithesh this is tried

I see a similar thread for the same issue, Patch access profile “requestable” field - IdentityNow (IDN) / Discussion and Questions - SailPoint Developer Community Forum

and I don’t see any resolution for it. @colin_mckibben is this functionality available via API?

I’ve been triggered by this request to figure out what the API behind the setting in the UI is. However, it is currently running into an issue for me; I can’t disable the ‘Access Request’ flag in an access profile. Maybe this is caused by the the same issue in the API?

I’ll make a support ticket for this UI issue and see from there.

Using the new Access Request Center UI, Access Profiles are made requestable through Applications. You would create an Application from the same Source as your Access Profiles, add whichever relevant Access Profiles and enable that Application for Access Requests.


The end user experience would look like this:

image

PATCH: https://{tenant}/beta/access-profiles/:id method with the option requestable is confusing. Ideally, access profile are requestable objects.

However, we can play with another attribute “enable” to hide or show the access profiles.

Payload: {op: “replace”, path: “/enabled”, value: true}

Thanks for responding, Mostafa.
Does that mean we have to create applications for all the sources which needs its Access Profile to be requestable ?
Also, only cc API works to make it requestable by adding the profiles to application?
{{baseUrl}}/cc/api/app/update/:applicationId
Body: {"accessProfileIds": ["profile1Id", "profile2Id"]}

1 Like

Access Profiles are not available “directly” in the Request Center. Instead you need to choose them from inside Applications. So, Access Profiles have to be either inside an Application or a Role to be requested from the Request Center

Correct and correct.

You have to create one or more Application per Source to be able to directly request Access Profiles from that Source. There are no /v3 or /beta APIs to manage Application objects. I believe the /cc/api/app/update/:applicationId is the only way to do this programmatically.

Hi Mostafa,

Thank you for the reply. We need to make sure that Access Profile is not visible in Service - Now Catalogue. Our client does not want to have any access profile requestable that is where we have this ask.

Could you please let us know if we can make Access Profile non requestable and not have it Service Now Catalogue ?

If you see the screen there are many access profile which are visible and not allowing us for making it disable.

Thanks
Rakesh Bhati

As far as I understand, you probably have these two options:

  1. Disable the Access Profile on IdentityNow. I’m not sure how that would impact this Access Profile if it is part of other Roles, so I would advice you check the impact first.
  2. Configure a search filter on the ServiceNow-side Service Catalogue Application to exclude these Access Profiles. You have the option to add an Additional query for fetching list of access profiles (ref docs: Configuring ServiceNow for Integration). You could configure a naming convention for such Access Profiles to start with a specific text (Non-Requestable, NR, etc) and use that as your filter.

Thank you so much Mostafa for your quick reply. We also have this recommendation popping up which client does not want in ServiceNow - Catalogue.

Do you have any recommendations for removing that ?

Thanks
Rakesh Bhati

I don’t think there is a way to remove it since it is based on the AI Recommendations generated for the requestor. Might be worth asking in a separate thread to see if anyone else has an idea.

I also ran into this, instead of renaming the access profiles, I added a tag in the description of #notrequestable and filtered on that on the servicenow side.