Remove access from workflow

Actually, I think I can tell which role is causing it from the error. The role “EXT-TestAADRole3” can’t be removed from the identity ID ending in “486”. You could even try submitting this access request from the IDN request center for just that identity and that role and see what happens.

Hi @colin_mckibben - thanks for looking into this.

I’ve figured out the problem, so I was actually adding identities to roles using direct role assignment and revoking roles from identities using IDN Workflow (which like you said uses Access Request APIs), and that’s why we saw bad request error.

Whereas adding and revoking roles to/from identities using Access Request API and IDN workflow worked!

Thanks again mate! :slight_smile:

1 Like

A post was split to a new topic: How to remove birthright roles using Workflows

Hi Team,
I am also building similar workflow to remove accessprofiles to identites. Here I need to remove accessprofiles only which follows specific pattern from list of accessprofiles identity has.
eg: identity has some 3 access profiles
1.Black: approver-p-task
2.prop: financial
3.Black:approver-p-task
here I need to remove accessprofiles which follows this pattern starts with “Black” and contain substring “-p-”
I tried using GET ACCESS and MANAGE ACCESS but not achieved can anyone suggest any ways to achieve by using workflows.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.