Hide terminated users when requesting access

Hey team!

In our environment we keep all terminated cubes that have been off-boarded in the tenant as a history. We have managed to hide terminated users from the managers “My Team” tab by nulling out the manager attribute for these users.

One problem, however, is that whenever someone requests access for a user, all users are able to be provisioned for that access. We want to hide all terminated users from this, is it possible?

Segments don’t work for this, we have tried it. Segments only limit what the actual user can request and not, not which users a respective manager, for example, can request access for.

Perhaps there is nothing we can do about this, but I appreciate all answers!


Apart from the “isInactive” that is OOB for identity Object, do you have any other attribute that differentiate user that are terminated? Like an Identity Attributes, a termination date…
Because if yes you might just setup a rule/script/filter in the QuickLinks tab for who is requesting(manager,Service Desk…) , select under the tab “Who can members request for?” and add a custom filter in “Match custom Criteria” something like “isInactive() == true”

Hello Mattia, thanks for answering! All of this sounds like either we need more modules or are you perhaps thinking of IIQ? Never heard of the QuickLinks tab or the “Who can members request for?” tab, maybe I missed it in IdentityNow?


Sebastian - I was reading about this the other day and then came across your post here. Within Compass in the Ideas Portal this exact issue was raised and looks like this is now in discovery (https://ideas.sailpoint.com/ideas/GOV-I-1864). Here is another link that provides additional information (https://community.sailpoint.com/t5/In-Discovery/IdentityNow-Inclusion-Or-Exclusion-of-Identities/ta-p/222439). For IdentityNow (IDN) it is a top three item but I would add your vote to continue moving this up the line.


Ah, this answers my question then! Thanks!

Sebastian, sorry my bad I tough I’ve readed the topic was in IdentityIQ :man_facepalming: