Is it possible to auto-cancel aging requests in Sailpoint ISC?
Hi, @AsGoyal.
Hope you are doing great!
When do you say “auto-cancellation” of aging access requests, you refers to pending access request approvals that were not approved/revoked for a period of time?
If so, yes, you can achieve that.
You can create a workflow with a schedule trigger and use the pending access requests api inside of a loop operator to get the requests based on the “created” attribute.
Also, use a workflow step to revoke the access.
I’ve attached an example of workflow.
Hope it helps.
1 Like
Hey @kevisoliveira
I am well, hope you’re doing well too.
Thank you for sharing this, I will try this out.
Kind regards,
Aayush
Hi @AsGoyal
I’ve a similar workflow setup for leavers i.e when their lifecycle state changes to inactive, this workflow triggers and cancel their pending access requests if there are any. Attached is the JSON of the workflow.
Steps;
-Trigger (lifecycle state changes to inactive)
-Action (HTTP Request) - API call to this endpoint to retrieve all their pending access requests https://[tenant].api.identitynow.com/v3/access-request-approvals/pending
-Loop:
-Action (HTTP Request) - API call to this endpoint to cancel their pending access requests https://[tenant].api.identitynow.com/v3/access-request-approvals/{{$.loop.loopInput.id}}/reject
-End step
-End step
If you want to cancel access requests e.g older than 30 days or so, then you can add a logic (e.g Compare Timestamps operator) before a loop to retrieve the desired access requests.
Hope this helps.
1 Like
Please also take a look at this KB:
I think it would be helful to you. At the bottom of the page they also discuss about the same use case as yours.
2 Likes