Emergency Terminations of Identities Using IdentityNow

Hello Shavri,

For your “remove access” step, doesn’t this need to be handled in a loop? My understanding is that remove access requests can only be submitted one at a time, so if a user has more than one access item, it will fail if not done in a loop.

Hi Dylan,

I believe the manage access action is capable of revoking multiple access items in the same step; it will create the revoke access requests automatically.

When I test that in my environment, I get this error:

I believe it’s using the v3 Create Access Request API, which is limited for revoke operations.


Hi @dopstrick ,

Yes, you are right. I have seen this behavior as well. So we went ahead by using loops (up to 100 access).
Thanks,
Kavindar Sharma


@sharvari I also ended up with the same error Dylan is facing: "revoke entitlements are limit to 1 per access request."

@sagar_kamalakar you will have to add a loop action to this workflow and call the manage access step from the loop to revoke your individual entitlements.

Hi @sharvari !

Thanks for this post, as it is very timely for something I am currently working on for Emergency Terminations. I would like to use option 2 in your post by manually updating the lifecycle state on an identity. The challenge I am facing is that I think only Admins can modify the Identity Lifecycle State, yet in my company, tier 3 IT support performs the emergency terminations. Do you know of a way to allow Helpdesk User Levels to update Identity Lifecycle State manually?
Thanks

Kirk

Thank you, @kirkkenton.

Unfortunately, SailPoint doesn’t support updating lifecycle states using the helpdesk user level; they will need Admin access to be able to switch states manually.
