Just noticed with the update today for the request center that if you are a manager you can now request for my people which shows both active AND inactive identities that report to that person. We would like to know if this is something we can turn off (avoid make me like).
Hi @ewojnar,
I donât believe there is a fix for filtering out inactive identities while requesting for your team.
The current workaround would be to individually unselect identities while making an access request.
I would suggest creating an idea on https://ideas.sailpoint.com/ideas and sharing the link in this thread for folks to vote for it.
Thank you
Hi @ewojnar ,
I donât know if it will work in the same way, but we had the same kind of problem with the âmy teamsâ displaying inactive users.
To solve the problem we use the manager transform: If the cloudlifecyclestate of the identity is âinactiveâ the return is ââ.
This way, all inactive users no longer have a manager and therefore donât appear in âmy Teamsâ.
This feature was a surprise, and is creating extra work for us.
Because there is not a way to hide terminated identities, and we are using the manager attribute them, How do I disable the ârequest for everyoneâ option?
Hi @ccarlton Go to Admin/Global/System Settings/System Features.
you will find a button with the option : âEnable Request On Behalf Ofâ.
Here is the documentation : Enabling Requests for Others - SailPoint Identity Services
We have this option set to âManagerâs Onlyâ. Which we want.
This allows Managers to select individual reports and request access for them.
In the past/up until recently, when selecting people, Managers were good about only selecting reports that were employed.
Unfortunately, Managers donât realize that this new button is generating requests for terminated employees.
We need the manager attribute to be set for a period of time for downstream offboarding interactions.
Until there is a way to declare certain lifecycle states as ânon-participantsâ (report only/audit only, etc.), this ârequest for all my reportsâ is doing more harm than good.
This is generating incorrect tickets / work for our downstream folks, who in some cases are not aware these people no longer work for us.
Of course, the best solution would be for SailPoint to not include inactive identities in request center. Until that is implemented, you might try clearing the manager attribute for inactive identities.
Hi,
the phrasing matches well with the new capability 
: New Capability: Management of Inactive Identities
@ccarlton I think it will solve your issue
1 Like