Hi Colin, sorry I forgot to return here. I was not able to get objective using the Get Access / Manage Access actions. Instead I replaced the Get Access with a HTTP action, calling the search api to find user entitlements, and then replaced Manage Access action with another HTTP action, this time removing each entitlement as a request.
First HTTP Request JSON Body:
{
"indices": [
"identities"
],
"query": {
"query": "id:{{$.trigger.identity.id}}"
}
}
Loop input:
$.hTTPRequest.body[0].access[?(@.type == "ENTITLEMENT" && @.source.name == "Active Directory")]
Loop context:
$.trigger.identity
Second HTTP Request JSON Body:
{
"requestType": "REVOKE_ACCESS",
"requestedFor": [
"{{$.loop.context.id}}"
],
"requestedItems": [
{
"comment": "Please remove",
"id": "{{$.loop.loopInput.id}}",
"name": "{{$.loop.loopInput.name}}",
"type": "{{$.loop.loopInput.type}}"
}
]
}