Hi everyone,
I have a workflow to revoke only requestable roles for terminated users. I’m stuck on the revoke action step. I’m not able to get the requestedFor ID from the loop input in the revoke action step. Is there any way we can access values from outside the loop step?
RequestableRoleRemovalWorkflow20241119.json (3.2 KB)
Below is the detailed info for each step. Attached workflow details.
Step1: Scheduled trigger
Step2: API search query to get list of terminated users
Step3: Loop
Step4: revoke access using HTTP request
Additionally, here is another post specifically for role removal with an example attached: Workflow to remove roles.
If your goal is just to remove roles, this should be a simpler solution as you will not need the Loop operator; just be sure to also add the Wait action mentioned in the solution so automatically assigned roles get removed first.
Thanks @zachm117. Went through this and tested Leaver - Scheduled - RemoveStandingAccess. Here the workflow executed successfully, but it didn’t revoke the roles for one of the terminated users, who has both requestable and BR roles assigned. It threw an error for that identity. So SailPoint is not even removing just the requestable role for that user.