Give non-admins ability to change LCS

ugochuik · April 12, 2025, 3:29pm

I want a few non-admins to be able to change LCS. Is there any user level rights that will allow that apart from full Admin? Is there any way to do it via workflow/form for the non-admins?

amankumargupta · April 12, 2025, 5:58pm

I think you can do something like this using launchers, workflow and form.

Launchers can be configured to initiate workflows that change an identity’s LCS. By setting up a launcher that triggers a workflow, non-admin users can execute the workflow without needing direct access to administrative functions.

Workflow Configuration: Design a workflow that accepts parameters (e.g., identity ID and desired LCS) and performs the LCS update using SailPoint’s APIs.
Launcher Setup: Create a launcher that invokes the workflow. Assign appropriate permissions to the launcher so that designated non-admin users can access it.
API Utilization: Use the POST {{baseUrl}}/identities/:identity-id/set-lifecycle-state API endpoint to update the LCS within the workflow.

Implement Forms for User Input

To enhance usability, incorporate forms that collect necessary information (e.g., selecting the identity and the new LCS). These forms can be linked to the launcher, providing a user-friendly interface for non-admins to initiate LCS changes.

ugochuik · April 12, 2025, 6:12pm

But I do not see {{baseUrl}}/identities/:identity-id/set-lifecycle-state in the V3 or even Beta collection list. Or in any of the API documentation. Are you sure it has not been deprecated?

amankumargupta · April 12, 2025, 6:16pm

please mark solution if it helps

ugochuik · April 12, 2025, 6:23pm

Thanks. I was looking under identities. I had the form and workflow ready but this was the missing piece

ugochuik · April 14, 2025, 12:12am

In the form I created I have a drop down for Lifecycle state to chose–say
Active
Inactive
but we have to use the id of the state to make the setLifecyclestate api call
How can I translate the selected value from the drop down to the id? I have the ids
Is there a way to do option mapping in forms or in the worklow?

ugochuik · April 14, 2025, 12:47pm

I found a way to translate the drop down selection to the id values and got the workflow working. I will write a blog about it.

hyungsunkang93 · April 14, 2025, 1:25pm

I think you can create a Form that then sends an HTTP Request to update their LCS through a workflow.
Only org_admins are allowed to manually change the LCS.