Limit each Identity Request in SailPoint IIQ to not carry more than 20 (exclude) request items

Venu1010 · February 16, 2025, 4:04pm

Hi All,

I hope all doing good. There’s one Incident we received which caused by end user submitted an Identity Request in SailPoint IIQ with more than 100 request items, which crashed the UI server continuously for more than a week. To resolve the root cause, we have to limit each SailPoint IIQ Identity Request not allowing more than 20 request items.

Agenda is to “Limit each Identity Request in SailPoint IIQ to not carry more than 20 (exclude) request items”. Please advise.

Could you please help us how to do it if anyone knows it. Thank you in advance.

Regards,
Venu

iamksatish · February 17, 2025, 11:45am

@Venu1010
You have two ways to do this, either come up with a custom plugin or have a advanced SOD policy , in this you can check existing identity and new identity and compare the number of new entitlements in the new identity is more than 20, throw an exception saying you cannot submit more than 20 items.

Venu1010 · February 18, 2025, 3:46am

can we do it using Quicklink population?

Venu1010 · February 21, 2025, 12:36pm

I am not able to get optimistic roles using getAssignedRoles() method. Please help me to get there.

Venu1010 · March 11, 2025, 11:18am

Hi Satish,

is there a method to check entitlements like getAssignedRoles()?

We need to check entitlements also along with roles. Please advise.

daniel_neubert · March 19, 2025, 4:57pm

Hi @Venu1010 ,

as per my experience the easiest way to achieve this is to set up a policy which is checked during the request process (you’ll have to modify the workflow and enable policy checking - very likely to “interactive” mode).

This will definitely meet your requirements.

Best regards,
Daniel

system · May 18, 2025, 4:58pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.