Assigning access based on user level like “Helpdesk Admin” is not directly supported as an entitlement-based condition in SailPoint IdentityNow. The “Helpdesk Admin” designation is a user role within IdentityNow, not a standard entitlement, so it can’t be referenced in access request policies or identity profiles as a criteria. If you’re getting an error, it’s likely because the system doesn’t recognize user levels as valid identity attributes or entitlement values. A workaround is to create a custom identity attribute (e.g., isHelpdeskAdmin
) and populate it using a transform or rule that checks the user’s role. You can then use that custom attribute as a condition to assign access items.
1 Like