For your “remove access” step, doesn’t this need to be handled in a loop? My understanding is that remove access requests can only be submitted one at a time, so if a user has more than one access item, it will fail if not done in a loop.
thanks for this post as it is very timely to something I am currently working on for Emergency Terminations. I would like to use the option 2 in your post by manually updating the lifecycle state on an identity. The challenge I am facing is that I think only Admins can modify the Identity Lifecycle State yet in my company, tier 3 IT support performs the emergency terminations. Do you know of a way to allow Helpdesk User Levels to update Identity Lifecycle State manually?
Thanks
Unfortunately Sailpoint doesn’t support updating lifecycle states using helpdesk user level, they will need Admin access to be able to switch states manually.