Jennifer, this functionality has caused us massive issues at Legal and General.
Entitlements unlike roles are not an ID now construct. We have hundreds of thousands of entitlements, a small proportion of which, we auto provision via API’s from ServiceNow. 30 days after an account is disabled our IDAM teams delete it. These AD account then all get re-created breaking all security Audits. To add insult to injury looking at these accounts through the GUI you cannot tell which one or two entitlements now need to be removed via API to allow the account deletion. To add insult to injury we then had all leavers re-created after writing into leavers processing that when a leaver is known in the future, to prevent DLP we automatically added a group so they could not send email attachments outside of the company. This group then caused everyone of our deleted leavers to be re-created. As a minimum entitlement stickiness needs to have an on off flag. Fully appreciate the advantage of revoking at a set date, but see it as a bug not an advantage them being added back if removed by Security teams. Particularly if the whole account is removed. If we wanted this we would include the entitlement in a role. Also this is not made clear anywhere we could find in the Sailpoint documentation.