how to get list of users with entitlements for whom the access request is not available in SailPoint for that particular entitlements?
Hello @Badebaji , In your current implementation are you using data segementaion?
we are not using data segmentation, but the problem is SailPoint adding back few entitlements to disabled record after termination as there was no role or access request associated to such entitlements. SailPoint says it is default behavior. How to fix this problem? Can we generate access requests for those entitlements from back end?
Could you clarify what SailPoint means by “default behavior”? If those entitlements are assigned based on criteria that a terminated user still meets, then yes, this will happen.
This is due to entitlement stickiness. you can handle it using before provisioning rule
Based on your question, I understand you want to find users who have entitlements that are NOT requestable (i.e., requestable: false). This is a common use case for identifying access that was granted directly or through other means, but cannot be requested through the normal access request process.
Here’s how to approach this:
Solution: Using the Search API
The best way to accomplish this is to use SailPoint’s Search API to query for entitlements where requestable is false, and then identify which identities have those entitlements.