Non-Employee Risk Management - System User Roles are removed on Initial user login

David_Norris · April 28, 2026, 9:22pm

Here’s what I did:

If your “Use Identity Security Cloud Entitlements for Roles” toggle is already On, at the time of adding the NERM Users source. Then you need to toggle that off, then re-toggle that on.
You need to specify the PROVISIONING feature flag on the source. (fine prints) By default, it’s just an empty array…and that’s not what you want. ## Most people missed this step.

Then, depending on how responsive ISC feels like being at that time of the day…you’ll get this after some minutes:

image532×454 12.9 KB

If you don’t have the PROVISIONING feature flag on the source, you would get this (the manual provisioning flow).

Essentially, the behaviour mentioned in the OP is the outcome of the toggle. It behaves as a “If ISC didn’t provisioning the role to this user, zap it”-toggle. That’s why you have this warning:

Topic		Replies	Views
New Capability: Non-Employee Risk Management User Connector for Identity Security Cloud Product News identity-security-cloud , connectors , nerm , new-capability	10	777	April 29, 2026
NERM Role Provisioning Behavior in Sailpoint ISC ISC Discussion and Questions identity-security-cloud	3	45	April 28, 2026
User Import in NERM ISC Discussion and Questions apis , aggregation , identity-security-cloud , provisioning , nerm	35	1466	July 23, 2024
Announcement: New Setting for Managing NERM User Access via Identity Security Cloud Product News nerm , new-capability , non-employees	1	363	March 25, 2026
What is the best way to assign roles to users in NERM? ISC Discussion and Questions identity-security-cloud , nerm	14	1144	June 28, 2024

Non-Employee Risk Management - System User Roles are removed on Initial user login

Related topics