New Capability: Identity Access UI

This is available in all sandbox and production tenants. It’s available under Try New Experience.

A new Identity Access UI enables Org Administrators and Helpdesk to view an identity’s access items (roles, access profile, entitlements, and applications). Org Administrators can revoke access items when the option is available.

You’ll know this is available in your tenant when you see an Access UI after clicking the Try New Experience button.

Try New Experience2782×1578 270 KB

Access UI3454×1802 293 KB

Revoke for Org Admins1380×718 24.9 KB

Promotion Timeline for Try New Experience

Try New Experience will replace the current UIs as soon as February 26th, 2024.

The Access UI is the last item that will be added to Try New Experience.

The final feedback window for Try New Experience is open until February 16th, 2024.

Try New Experience will replace the current UIs in sandbox as soon as February 26th, 2024.

We will update you again in our next announcement: “New Capability: Identity Experience.”

More About Revokes

Org Administrators can revoke access items when the option is available. Helpdesk users cannot revoke access items.

• Roles are revocable if provisioned via access request.
• Access Profiles that stand alone from roles or lifecycle states are revocable.
• Entitlements that stand alone from roles or lifecycle states are revocable.
• Applications are not revocable.

The system does not account for access that is indirectly chained. For example, a role could contain entitlements A and B. A separate access profile could contain entitlements A and B. If a user receives the role, the access profile will be detected and presented as revocable. The role will re-add the entitlements if the access profile is revoked. The access profile would then be re-detected. We recommend adjusting your access model if you encounter this scenario.

More About Applications

The Access UI will always show tabs for Roles, Access Profiles, and Entitlements. It will hide the Applications tab unless the identity has applications. This feature simplifies the experience for organizations that don’t use applications.

Spotlight on the Helpdesk

You might not use the Helpdesk user level often (or ever). Take a minute to use Try New Experience as a Helpdesk user to understand how its capabilities have improved.

Next on the Roadmap

• Addressing customer feedback about Try New Experience.
• Allowing access profiles to be revoked when the option is available.
• Removing the option to revoke entitlements that would be re-added.

Submit Questions or Feedback

Submit questions or feedback , and we’ll be in touch.

You could also schedule time to provide feedback over Teams!

Hi @kirby_fitch

Before this goes live, will sort functionality be added to Access UI?

Current UI allows you to sort roles by name, description or owner. New UI does not allow sorting, and also appears they are not in alphabetical order.

It would be great if more columns were available for Roles on the UI, so we could see the flags without having to click on each role.

Will revoke for Access Profiles be coming soon? Is there a reason it is not included?

Thanks.

Hi Jason,

We’re adding sorting on role name. It might be added before we GA.

What specific columns do you want to see added to the roles tab?

We should be able to add access profile revoke soon as well. It might not come before the GA. We’re adding more information to the access profile list endpoint so we can tell what ones could be revoked. We’re resolving a similar problem with entitlements too!

Any update to the access profile revoke option from the UI?

Would be nice to see that as an option in Request Center also. Role owners and application administrators would benefit from this capability. Its available from the ServiceNow Catalog Widget, why not have it in Request Center as well?