I had a question on Access Profile reprovisioning. If the Access Profile was granted to the user manually and one of the entitlements got deprovisioned during an access review or a manager-requested revoke, will that entitlement get re-provisioned during the next refresh?
Yes, it will get reprovisioned on the next refresh or if you perform an identity refresh. That’s how IdentityNow role provisioning works. If it doesn’t see the entitlements provided, it will try to reprovision on the next refresh or if you refresh the identity.
The provisioning happens on the next refresh only if you have provisioning set up for those entitlements on the target applications.
All entitlements of the Access Profile are checked for whether they exist on the next refresh. Hence, the entitlement will get provisioned.
Hi @kdfreeman, thanks for your response. Here I am talking about Access Profiles specifically, not Roles. Can you point me to documentation that describes this behaviour for requested access profiles? Not automatically provisioned ones, or the ones provided via roles.
Whether it is an entitlement, access profile, or role, if it was previously provisioned to the end system from SailPoint, it should be revoked from SailPoint. That is how SailPoint works. It is mandatory that every deprovisioning action should happen from SailPoint. Otherwise, it will reprovision in each refresh if it doesn’t see the access.
Hi @Pranjali.Pandey,
I think if an Access Profile was granted to a user manually and one of the entitlements got deprovisioned during an access review or a manager-requested revoke, that entitlement will not get re-provisioned during the next Identity refresh.
When an Access Profile is granted to a user manually, it includes a set of entitlements. If one of these entitlements is deprovisioned during an access review or because a manager requested its revocation, it means that the entitlement is no longer considered necessary or approved for the user.
During the next Identity refresh, the system will not automatically re-provision that entitlement.