More detailed logs of Access History in ISC

Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.

Currently trying to troubleshoot why a role/entitlement keeps getting removed from a identity, and access history is nice to see when it got removed, and view other access events. However, it does really show us a ‘Why’ an event happened. For my particular case why the role/entitlement was removed. Is there a manner to see the root cause of losing or removing of a role/entitlement?

You should look for any identity or account attribute changes that might have caused the identity to lose a BR role that got removed

besides that, from the access history view are we able to see any more detail pertaining to the event other than just what occurred?

Go to Access History, and type the particular identity you search for, and see Filter to the right, select “Removed“, checkmark “Roles“, “Entitlements“, “Access Profiles“, you should be able to see something there.

Nothing that I am aware of. Access History simply gives you the changes that have occurred.

thats unfortunate, but i appreciate the assistance!

Isn’t identity history just a more simplified view of account activities and other events tied to an identity?

One would think you’d be able to see the account activity tied to when the entitlement was removed, assuming that SailPoint removed it.

If not, I’d turn on native change detection for that source and see if it’s happening directly in the source.

If an account activity is being generated, you should be able to see if it’s being removed from an identity refresh, app request, etc.

My guess is it’s happening in the source itself