Hide all entitlements in IDN using a segmentation (or some other method) - to ensure people can’t request them from the GUI instead it should be requestable only via API and the API is used by ServiceNow.
You can use access request segments:
to create a segment that is visible only to your ServiceNow identity. You would assign all requestable items to that segment.
3 Likes
@agutschow / @Amrit1897 Segments in ISC doesn’t really work that way and I’ve tried and tested this.
For segments to work correctly, all the access in your system need to be mapped to a segment for sure.
For example, there are 10 roles in your system. You’ve created a new segment called Segment_A and configured the assignment criteria for it. Now, a user called ABC satisfies the criteria for Segment_A and navigates to Request Centre page. Now your expectation here would be that the user ABC would only see 5 roles (based on the configured segment the user satisfies), but NO, the user would still see all the 10 roles in request center.
When a user in a segment visits the Request Center, they are presented with access items defined in their segment as well as access items that are not included in any of the segment. So you need to ensure all the access in your system is part of a segment.
@Amrit1897 to answer your question, there is no OOTB way of restricting end users from seeing all the access in Request Center page unless you’re efficiently configuring segments for all the access in your system as per above example and the documenation.
Hope that clarifies.
Thanks,
Arshad.
Alicia is correct, you can use segments for this.
What we have done is put all requestable roles and access profiles in a segment, and that segment has no users in it ("visibilityCriteria": null in API).
This stops all roles and AP’s being requestable by all users within ISC UI.
1 Like
We have around 60 thousand entitlements and making segment limit is 50.
So, if we do via segment then we have to make multiple segments.
Not sure if it is good solution and what will be performance impact.
Is there any other way possible?
If not is it possible to directly hide the request center completely?
Hi @Amrit1897,
Would you be open to an alternative solution?
Perhaps you could configure an event trigger/workflow to inform end users their request is cancelled as we migrated from SailPoint UI to ServiceNow UI/Catalog for access request.
I think even if you manage to hide the “Request Center” an update to UI in ISC could bring it back.
Hey,
You can add more than 50 access items in a single segment. The limit only permits to add 50 items once. You can add access items in batches and have a single segment.
You can add and save up to 50 access items to a segment at a time. To include more than 50 items in your segment, you need to repeat these steps to add and save them to your segment in batches of 50 or fewer.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.