Caveat - I don’t have workflow enabled in my tenants, which is what I assumed you meant with your use of the term “workflow” in your question. However, I have another solution you can use as a one-off update script.
Can I assume this is for an Active Directory source?
If so, it will require a bit of filtering on the client side because none of the APIs currently allow for filtering entitlements based on source-specific attributes, such as GroupType for Active Directory.
That said, this can be accomplished using something like the PowerShell SDK
Here’s what you’ll need to do
Find the source Id of the source for which you’d like to search entitlements. This assumes your AD source name is called “Active Directory”
$source_id = (get-sources -filters 'name eq "Active Directory"').id
Then, you need to get all the entitlements in that source that are security groups. Assuming you have more than 250 entitlements in that source, you need to use the Invoke-Paginate cmdlet to paginate through all the results. Set the limit argument to a number that is greater than the total number of entitlements in that source
$security_groups = Invoke-Paginate -function "Get-BetaEntitlements" -increment 250 -limit 10000 -initialoffset 0 -parameters @{"Filters"= "source.id eq `"$($source_id)`""} | where-object {$_.attributes.GroupType -eq "Security"}
Since the update-entitlements-in-bulk API endpoint has a limit of 50, we’re going to do an old fashioned loop action. First, we need to build the patch body, which will be the same for each entitlement
$patch_operation = Initialize-JsonPatchOperation -Op "add" -Path "/requestable" -Value $true
And now our loop
foreach($security_group in $security_groups){
Update-BetaEntitlement -Id $security_group.id -JsonPatchOperation $patch_operation
}
Ok, let’s put it all together
$source_id = (get-sources -filters 'name eq "Active Directory"').id
$security_groups = Invoke-Paginate -function "Get-BetaEntitlements" -increment 250 -limit 10000 -initialoffset 0 -parameters @{"Filters"= "source.id eq `"$($source_id)`""} | where-object {$_.attributes.GroupType -eq "Security"}
$patch_operation = Initialize-JsonPatchOperation -Op "add" -Path "/requestable" -Value $true
foreach($security_group in $security_groups){
Update-BetaEntitlement -Id $security_group.id -JsonPatchOperation $patch_operation
}