Identity Refresh in IdentityNow

shekhardas1825 · September 11, 2024, 2:55pm

@kani1 IDN’s entitlements are sticky in nature and you would need to revoke the entitlements through access requests or though certifications to remove the stickiness. If not, IDN would try to re-add the entitlements or even create the account if the account doesn’t exist for the user.

Please read the SailPoint documentation here:
Managing Requests for Entitlements - SailPoint Identity Services

Please find the resolved post for the similar issue

Auto-Account Provisioning during Aggregation - Identity Security Cloud (ISC) / ISC Discussion and Questions - SailPoint Developer Community

Access profiles are one way to handle this (as they are not sticky) but you will need to create an AP for every entitlement that would need to be requested and whenever a new entitlement is added at the target system. This can become difficult if we are talking about a large number of entitlements in the target system.

Topic		Replies	Views
How to Handle Requestable Entitlements and Avoid Stickiness ISC Community Knowledge Base identity-security-cloud , provisioning , entitlements	3	276	September 23, 2024
Provisioning Errors from Deleted Accounts in IDN ISC Discussion and Questions identity-security-cloud , access-requests	2	35	November 8, 2024
Azure Active Directory Account Creation Event Triggered During Identity Refresh ISC Discussion and Questions identity-security-cloud , provisioning	4	41	December 29, 2024
Standard service before provsioning rule ISC Discussion and Questions identity-security-cloud	9	73	November 15, 2024
Cancel failing entitlement access request ISC Discussion and Questions identity-security-cloud , access-requests , entitlements	7	65	January 12, 2025

Identity Refresh in IdentityNow

Related topics