Exactly Aaron,
The top menu bar is gone
So how are the users supposed to get to the access request page?
Exactly the way you’re expecting them to - the issue is on our end.
It appears like we’re having some kind of bug that is only present in certain situations. We’re on it now!
Hey Kim -
Thanks for bringing this to our attention. Should be fixed now. I’ve tested in my production environment and see it working as expected - let me know if you’re not seeing this.
There was a conflict with some feature flags that has now been resolved - pardon the interruption!
Thanks,
Aaron
Hi Aaron,
Yes, now it works.
Thanks for the quick help and support.
Hi! Excellent feature and much awaited. Thanks a lot for delivering this.
There’s a small bug with the reassignment - when an admin reassigns a pending item through this UI, the approvals UI will show to the new owner that the previous owner reassigned it, not the admin. Creates a small security concern. Event log correctly reflects the actor and target for reassignments.
Hi Aaron, Thank you for this feature; it helps our company!
When a Full Admin is the requested for, we are not able to cancel or approve. Is there an option higher than Access Request Admin Full Management who can decide what to do with these outstanding pending requests?
Hi @aaron_andrew, this is a great new feature.
I have two observations:
- Documentation Update: The User Level Access Matrix should be updated to reflect the new permissions associated with Access Request Administration. They are only on the permissions page.
- Connector Integration Issue: In my testing, I’ve noticed that while the ‘Access Request Administrator’ user level is available for assignment to individual identities, it doesn’t appear as an entitlement within the Identity Security Cloud Governance Connector (loopback). Consequently, I’m unable to assign this access through roles. According to the Integrating SailPoint with Identity Security Cloud Governance documentation, user levels should be manageable as entitlements.
Hi @aaron_andrew, Experts,
Could you please confirm if there is any expiry on the access request details on a production tenant? I would like to know if I can rely on the “Access Request Administration” page for audit evidence for a request submitted 2 years ago.
Regards,
Amar Sheriff
As of today, the feature displays all Access Requests regardless of history.
Given how new this is, we’re gathering info on how this is used and looking at performance. Eventually, we may need to introduce some limitations on the historical data which would be introduced in the future. As of today, we believe that limit would be around 13 months.
I haven’t been able to recreate this. Would you mind opening a support ticket? They would be able to dig into your environment and look at the specific items Requested For by an Admin (aka: org_admin) that seem to be un-interactable by an Access Request Administrator only user level.
Hi, first I want to say this has been a great addition to the product and extremely useful. Definitely could use more filter/column options (especially the ability to filter on access requested) but this is an awesome start already.
One thing I’ve noticed is that there is no way to identify whether the request is an access grant request or an access revoke request. I think that is a VERY important piece of information that should probably be a default column that displays here.
The only reason I was able to identify this recently is because I saw requests here where the requester was a service account that only is ever used to send revoke requests. Otherwise I would’ve assumed they were normal access grant requests and been none the wiser.
Also want to add that it sounds like self serve access revoke requests are coming soon, so my point about this page not differentiating between REVOKE and GRANT requests is becoming more of a concern.
This new feature will become very messy to sort through very fast if we can’t tell what’s an access grant request vs an access revoke request, as well as filter on one vs the other.
Thanks for this input!
I agree we can definitely make some adjustments to make this more obvious. Fortunately, we actually do differentiate Revoke requests from Add requests in Access Request Admin today. The grid itself doesn’t show that info and you can’t filter by that today, but when you click the item to view its details, the header bar of the overlay shows Remove or Grant.
That said, adding that info more prominently and allowing filtering are good ideas we will work to prioritize.
Oh wow yeah didn’t see that at all, thank you for pointing that out!
Though yeah like you basically said yourself it doesn’t really help if we need to click into each individual request to know that. Definitely going to need more clarity/ability to filter.