How do we identift the list of requests pending for a terminated user and a way to automatically cancel them
Hi Vengatesan,
This could be accomplished a couple of ways with a workflow. Here is one example;
trigger: lifecycle state change to terminate
HTTP action: list-pending-approvals , using the requestedFor.id parameter.
Loop through the response:
Http Action: reject-access-request with a comment about the termination for audit purposes.
Hi @vsekar7
Attached is the JSON of workflow to auto cancel/reject their pending access requests.
RejectLeaversPendingAccessRequests20251024.json (3.0 KB)
Try it first in the sandbox and let me know if you need more help.
sure thanks, will let and let you know
1 Like
How do I trigger the workflow for the already existing users ?
I have designed the workflow in sandbox but not sure how to trigger them for the users who has been terminated already
Hi @vsekar7
There are two ways.
You can do it in the UI by going to Dashboard > Approval Management > use ‘Filter’ option or ‘Pending’ requests to cancel it for each terminated user. OR
Use below test input when testing the workflow in the sandbox and then manually trigger it.
{
“identity”: {
“id”: “[Id of the terminated user]”,
“name”: “[name of the terminated user]”,
“type”: “IDENTITY”
}
}
Use case like this, so rudimentary / fundamental, should have been incorporated by SailPoint at the product level. (e.g. Identity LCS feature toggle)
This is unnecessary friction / decelerator.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.