Enhancement: Streamlined Revocation for Single Assignments

Description

:bangbang: We’re adding usability enhancements to the new access revocation functionality!

When reviewing and managing a user’s access from the My Team, My Access, or Identity Admin pages, the experience needs to support multiple assignments of a single access item to any given user — since a user might have multiple accounts with the same access. That said, we recognize that most users don’t have multiple accounts, so for them, we aim to reduce the number of clicks required to revoke access.

With this enhancement, when an identity has only one assignment of a revocable role or entitlement, a Revoke Assignment button will appear in the header bar of the access details page.

For identities with multiple assignments, users will still need to click into each assignment to initiate revocation. To guide navigation, a disabled revoke button will appear in the header bar when one or more of those assignments support revocation, and its hover text will direct the user to the Assignment tabs. If no assignments are revocable, whether one or multiple assignments exist, the new top-level revoke button will not appear at all.

Action Required

No action is required for you to get this new behavior. It will appear according to the selected user’s assignments of the selected access item.

Important Dates

This is being rolled out in the next couple of weeks:

  • Sandbox: June 24
  • Production rollout: week of June 30
3 Likes

Lovely!

This enhancement is a perfect example of how enhancements should be.

  1. It paid attention to the fact that customers are different (some have multiple accounts on sources and some don’t) and ensured ISC works for all.
  2. It involves a highly used and highly important part of ISC (managing access) that should therefore be perfected.
  3. It focuses on user friendliness and usability by reducing the amount of clicks required without limiting the functionality and without decreasing the security.
  4. The announcement is on time, allowing us to test in non-production before it goes live in production, and is, from my perspective, unambiguously written.

Thank you for this announcement!

Also looking forward to when ISC can take it one step further and also have this revoke button visible in the table of roles a user has, to reduce one more click. I recall this required some updates of the APIs before the UI could apply it?

Thank you for the high praise @angelo_mekenkamp !

Yes, we recognize that surfacing that revoke button one level higher - into the grid - would be even better. Unfortunately, the current sources of data we have available at that higher level can’t support that today. I will continue to pursue improvements here as possible, and I’m glad the step we’ve taken will be helpful!

1 Like

Hi @jennifer_mitchell,

Excellent improvement to user experience. I need to update our documentation though :wink: