Please share any images or screenshots, if relevant.
[Please insert images here, otherwise delete this section]
Please share any other relevant files that may be required (for example, logs).
[Please insert files here, otherwise delete this section]
Share all details about your problem, including any error messages you may have received.
Hi Team,
We are continuously seeing the issue from past some months that some members from workgroups is being automatically removed. We have started using workgroups for multiple owner purpose in sailpoint for entitlement. So, it’s a entitlement owner selected we can have mutiple owners for single entitlement. Require your help as it might be appear as a bug because we are not able to see who remove member or how those members are being removed. Please help
If this removal is happening in the UI, you can enable auditing in the General Actions of your Audit Configuration:
At least this way, you’ll know if someone is removing the members in the UI. Then in Advanced Analytics, you can search for the audit event (IdentityWorkgroupAdd or IdentityWorkgroupRemove):
The only caveat is that I do not believe this would catch members getting removed by code in a rule. That’s why I try to emphasize add/removal through the UI.
Thank you for replying. I have checked the logs but i don’t see any activity regarding the some users being automatically revoked from a workgroup. Is there another way to check this?
The only use case I typically remove users from workgroups via code are during transfers or terminations. You may have some code that is getting triggered to do the removal.
Try searching your code base for remove( or if searching via regex it would be remove\( to look for any code where you are removing an identity cube from a workgroup.
