Remove the entitlement from request access

Hi All,

We have a requirement to exclude the entitlement from the access request.

Requirement is: When a user selects the ‘A’ entitlement from the Manage Access section, we add the ‘B’ entitlement from the backend. However, both of these entitlements appear in the access request and are sent for approval. We would like to hide the ‘B’ entitlement from the access request and approval process. We should provision the B entitlement to the user as well.

Is there any way to achieve this?

@sureshbomm

How are you including entitlement ‘B’ in the provisioning plan? If it’s being added before the approval step, SailPoint will automatically incorporate entitlement ‘B’ while constructing the approval set.

To address this, you can either update the plan after the approval step to include entitlement ‘B’ or utilize a “Before Provisioning Rule” instead.

To remove entitlement ‘B’ from the “Manage User Access” page, you can write a rule in the “What can members request?” section of the QuickLink population.

@sureshbomm
Please use a Before Provisioning rule in that case: in your Before Provisioning rule, check if entitlement A is requested and add entitlement B as well in the attribute request. This way you can avoid the approval process.

Thanks for your reply @iamksatish and @amishra97

I tried to add the entitlement using the Before Provisioning rule, but the rule is not executing. I have added logs in the rule for debugging, but I can’t see the logs either.

I’m selecting an entitlement from the Delimited application and adding the ‘AD’ (B) entitlement through the Before Provisioning rule.

Hi @sureshbomm

Since provisioning is disabled for the delimited application, none of the provisioning rules will be executed. Instead, you can modify the plan either after the “Approve” step or before the “Provision” step, considering the workflow “Approve and Provision” Subprocess.

@sureshbomm As aprpitha mentioned, your Before Provisioning rule will not be called for the delimited application. Now you have the option to add this entitlement after approval, so that you can validate that if entitlement A is added, then B is added also. You can do this in the provisioning workflow: add your validation there and also add this entitlement in the getUnmanagedPlan plan (Identity Request Provision).
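
The plan update suggested in the replies above, as an added example that is not part of the original thread and is not SailPoint's own code. It assumes it runs from a workflow step placed after approval and before provisioning; the application names, the `memberOf` attribute, the entitlement values and the `adNativeIdentity` argument are hypothetical placeholders.

```java
import java.util.List;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

public class AddDependentEntitlement {
    // Hypothetical placeholders: replace with your own application and entitlement names.
    static final String SOURCE_APP = "Delimited App";
    static final String SOURCE_VALUE = "A";
    static final String TARGET_APP = "AD";
    static final String TARGET_ATTR = "memberOf";
    static final String TARGET_VALUE = "B";

    // True when the plan contains an Add of `value` on application `app`.
    static boolean requestsAdd(ProvisioningPlan plan, String app, String value) {
        List<AccountRequest> accounts = plan.getAccountRequests();
        if (accounts == null) return false;
        for (AccountRequest account : accounts) {
            if (!app.equals(account.getApplication())) continue;
            List<AttributeRequest> attrs = account.getAttributeRequests();
            if (attrs == null) continue;
            for (AttributeRequest attr : attrs) {
                if (attr.getOperation() == ProvisioningPlan.Operation.Add
                        && holds(attr.getValue(), value)) return true;
            }
        }
        return false;
    }

    // Attribute values may be a single string or a list of strings.
    static boolean holds(Object actual, String wanted) {
        if (actual instanceof List) return ((List<?>) actual).contains(wanted);
        return wanted.equals(actual);
    }

    // Adds B only when A survived approval; leaves the plan unchanged otherwise.
    public static ProvisioningPlan addDependent(ProvisioningPlan plan, String adNativeIdentity) {
        if (plan == null || !requestsAdd(plan, SOURCE_APP, SOURCE_VALUE)) return plan;
        if (requestsAdd(plan, TARGET_APP, TARGET_VALUE)) return plan; // already present
        AccountRequest account = new AccountRequest();
        account.setApplication(TARGET_APP);
        account.setNativeIdentity(adNativeIdentity);
        account.setOperation(AccountRequest.Operation.Modify);
        account.add(new AttributeRequest(TARGET_ATTR, ProvisioningPlan.Operation.Add, TARGET_VALUE));
        plan.add(account);
        return plan;
    }
}
```

Because B is added after the approval set has been built, it never reaches an approver, so the step should log each addition for audit, and B should not be independently requestable if it is meant to be granted only through A.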