New Request Center: New API available for making bulk changes to Access Profiles

We are excited to announce that the API is ready for use. Please review the documentation for utilizing the API to make bulk updates to your Access Profiles.

What does this enable?

This will enable you to bulk change Access Profiles from requestable to non-requestable, therefore eliminating the need to manually update them individually and allowing for easier management of Access Profiles.

Instructions:

The attached guide provides all of the instructions on how to implement this API.

Action Required:

For all customers who have not yet migrated over to the new Request Center, we recommend changing your Access Profiles to be non-requestable by default via this API prior to February 28th. Otherwise, your users will be able to request all Access Profiles in your environment.

The documentation provides a guide on how to utilize the bulk API to change Access Profiles from requestable to non-requestable, allowing for much easier management of Access Profiles in the new Request Center.

Developer documentation:


Important Dates

:bangbang: All customers will be migrated over to the new Request Center on February 28th, 2024.

If you would like to migrate over to the new Request Center before February 28th, please fill out the opt-in form and we will follow a weekly enablement schedule.

Hi @SarahKhan,

Thank you for the announcement. It does confuse me though.

  1. If a new API is available, but there is no documentation on how to use it, or even what endpoint the API is, is the API truly available? Wouldn’t it be better to make this announcement at the moment the documentation actually exists, such that you can also point to the documentation from this announcement?

  2. Is there any ETA on when the documentation becomes available? With shortly, are you talking about several hours, days, weeks or months? Will this availability be announced? If so, where will it be announced?

  3. …allowing for much easier management of Access Profiles in the new Request Center.

    We are not managing access profiles in the request center, right? We are only requesting access profiles in the request center. We manage access profiles in the admin pages under Access → Access Profiles.

  4. Is it true that this is purely an API addition and that bulk management through the UI is not possible, using this API?

  5. Although it is great that there is now a way (once documentation becomes available) to bulk manage access profiles, from a technical perspective we can still do the same things via API as before (we just had to perform more API calls). Shouldn’t adding this API have been a way lower priority compared to making new APIs available to replace the CC/V1/V2 APIs, given that these are deprecated and will stop working after 31st of March? There are many such APIs that need to be replaced as we do rely on them. I assume here that the team who created this API you mentioned are also able to create the APIs that are going to replace the deprecated ones.

Kind regards,
Angelo


Hey Angelo,

We do have documentation which contains instructions on how to utilize the API:

The instructions will be updated here shortly, within the next day. That is correct, it is purely an API addition, and the UI does not allow for these changes. Also, you are correct, we manage access profiles in the admin pages under Access → Access Profiles.


Thank you for your response @SarahKhan!

That clarifies it for me.

I checked the link you shared and also noticed that the API documentation is now available :slight_smile:. I also saw now that this API for making bulk changes to access profiles only allows you to change the requestable field. Changing things like owner, approval flow and enable/disable status is not possible. Since we already updated the requestable field prior to this API being available, we do not expect to use this API in the near future. I’m sure it will benefit others though.

Kind regards,
Angelo

Awesome! Let us know if anything else comes up for you :grinning:


@angelo_mekenkamp you should be able to use configuration hub with the “object mapping” value substitution rules to bulk change attributes.
For more info you can check configuration hub documentation:


Thank you for the suggestion @yael_kadoshi, but the configuration hub doesn’t meet our requirements here. For us the more focus SailPoint places on offering fully working APIs the better. That can help us the most. :grin:

Hello-
I reviewed the instructions above. However, I need confirmation that if I disable the Access Profiles that it’s not going to break things or make them un-requestable through the Applications or the Roles – that it’s only going to make them un-requestable through the Access Profiles link.

For example: We have a Role, Inpatient Nurse. That Role is using 2 Access Profiles, 1 for Epic EMP and 1 for Epic SER. I want to disable people being able to individually pick those Access Profiles, but I still need the Role to be able to be requested and for it to still grant the correct access.

Marking the Access Profile’s requestable attribute as false will give you the desired outcome. It will still function as part of the role, but no longer be directly requestable.

Taking roles out of the discussion, this does not appear to be the case for Applications. When I mark an AP non-requestable, it removes that AP from the Application in Request Center. Additionally, even if the AP was still available within Request Center > Application and it’s requested, would the approval process still occur? If I make the AP non-requestable, the approval options gray out, indicating that they are no longer available.

It looks like this is an all-or-nothing solution. Either the AP is not-requestable and, therefore, not available within an Application, or the AP is requestable and allowed within an Application AND within Request Center > Access Profiles?


Hi Jeff -
That is correct. Requestable access profiles can be associated to an application or not, but even when they are associated to an application, they are also requestable through the Access Items and Access Profiles lists. In the Access Items and Access Profiles pages, the application association is also shown on the access profile card, so users will see that detail in the new request path too.