IdentityNow disable option to create personal access token creation by non admin users

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hi, We can see that in IdentityNow non admin users can also create personal access token and they can even add multiple scopes. Here I am looking for two options:

  1. is there any option we have where we can disable PAT creation by non-admin users.

  2. if option 1 is not possible, can we send email to admin (or set of few admin people) the moment when any new PAT creation happens.

2
  1. Anyone having access to SailPoint will be able to create PAT.
  2. There are APIs available for PAT where you could schedule a job to fetch the list of PATs and send notifications to the Admins. FYR.

Also, everyone will not be able to add all the scopes. They could only add scopes based on their User Access Level. FYR

HTH.

1 Like
3

hi @hranjan3,

The PAT which non admin users generated cannot be used as they do not have admin privileges in IdentityNow. There is no way to disable that option.

Thanks,
Uday

1 Like
4

Thanks @zeel_sinojia and @udayputta for your inputs!

1 Like
5

Can we write custom scheduled job in ISC ?

6

@vishal_kejriwal1 ,

Using Workflows you could write a scheduled job. FYR

If you have something specific in mind, do let me know and I could help you on that.

1 Like
7

Thanks !
Can workflow be scheduled ? or workflow can be triggered only based on any events ?

8

Thanks got it

image
image2470×1036 154 KB

1 Like
9

You got the answer but yes scheduled trigger is available.