Removing a role in IIQ is not removing the entitlements attached to it

Which IIQ version are you inquiring about?

8.4

Share all details about your problem, including any error messages you may have received.

I have removed a role from an identity manually from IIQ, but the entitlements under that role are still present. Do I need to enable or configure any option to remove these automatically? Any suggestions would be appreciated.

Hi @HemalathaVignesh ,

How are you removing the role? By calling a workflow in a Rule?

Please share more details.

Hi Hemalatha, welcome to the SailPoint Developer Community!

In IdentityIQ, simply removing a role from an identity does not immediately remove the entitlements unless provisioning recalculation is triggered.

After removing the role, you need to run an Identity Refresh with the correct options enabled.

Recommended Fix

Run Identity Refresh and make sure to enable:

  • Refresh assigned roles

  • Provision assignments

  • Process events

The key option here is “Provision Assignments”.
This forces IIQ to recalculate access and generate a deprovisioning plan for entitlements that were granted through the removed role.

4 Likes
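The three refresh options named in the answer above, written as an Identity Refresh task definition scoped to one identity so the resulting deprovisioning can be checked before a wider run. This is an added example, not part of the original thread or SailPoint's shipped configuration. The task name and the identity in the filter are constructed, and the argument keys are assumed to be the ones the standard Identity Refresh task stores for these checkboxes, so compare them with an export of your own refresh task before importing.

```xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE TaskDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<!-- Constructed example: name, description and filter value are placeholders. -->
<TaskDefinition name="Example - Refresh After Role Removal"
                resultAction="Rename"
                subType="task_item_type_identity"
                type="Identity">
  <Attributes>
    <Map>
      <!-- Limit the run to the identity whose role was removed (constructed name). -->
      <entry key="filter" value="name == &quot;example.user&quot;"/>

      <!-- "Refresh assigned, detected roles and promote additional entitlements":
           re-evaluates which roles the identity still holds. -->
      <entry key="correlateEntitlements" value="true"/>

      <!-- "Provision assignments": compiles and executes the plan that removes
           entitlements no longer justified by any assigned role. -->
      <entry key="provision" value="true"/>

      <!-- "Process events": evaluates lifecycle triggers during the refresh. -->
      <entry key="processTriggers" value="true"/>
    </Map>
  </Attributes>
  <Description>Single-identity refresh used to confirm that entitlements granted only through a removed role are deprovisioned.</Description>
  <Parent>
    <Reference class="sailpoint.object.TaskDefinition" name="Identity Refresh"/>
  </Parent>
</TaskDefinition>
```

After the task completes, review the identity's entitlements and the provisioning transactions to confirm that only access tied to the removed role was revoked; entitlements still required by another assigned role should remain.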

You need to run the Identity Refresh task with the role refresh (assigned and detected) and provision assignment options selected.

Thanks

1 Like

@HemalathaVignesh Removing the role via Access Request should automatically remove the entitlements without running the task. Please also review your LCM Provisioning and make sure the doRefresh step has the necessary arguments passed to remove entitlements.

1 Like