Hi All,
Sometimes, we encounter sticky entitlements in certain identities. These are entitlements added by LCM that remain attached to identities even after being deleted at the link.
To learn more about sticky entitlements and how to remediate them, there are several posts that explain the approach of cleaning up attribute assignments, which is a common reason for this issue. I’ll be attaching those useful links here.
However, I’ve found another reason for sticky entitlements and wanted to share this knowledge. Another cause could be identity requests that are in an executing status but never complete. There could be various reasons why your identity requests get stuck in this status. Identifying and fixing the root cause is crucial. Once your identity requests move out of the executing status, the problem can be resolved by running refresh tasks. If the issue isn’t fixed, running refresh tasks (with options like Refresh Identity Entitlements for all links and Refresh assigned, detected roles, and promote additional entitlements) won’t solve the problem. Alternatively, you can terminate such identity requests and then run refresh tasks.
In my case, identity requests got stuck in executing status indefinitely due to a failure in the ticketing system.
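To find the identity requests described above before deciding whether to fix the root cause or terminate them, a read-only rule can list requests that have stayed in executing status past a cutoff. This is an added example, not code from the original post: it is a BeanShell rule body that assumes it is run from the IdentityIQ debug page (where `context` is supplied), and the 7-day threshold is an assumption to adjust.

```java
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

import sailpoint.object.Filter;
import sailpoint.object.IdentityRequest;
import sailpoint.object.QueryOptions;
import sailpoint.tools.Util;

// Assumption: a request still executing after 7 days is stuck; tune for your environment.
int maxAgeDays = 7;
Date cutoff = new Date(System.currentTimeMillis() - maxAgeDays * 24L * 60 * 60 * 1000);

// Match requests whose execution status is still Executing and that were created before the cutoff.
QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.eq("executionStatus", IdentityRequest.ExecutionStatus.Executing));
qo.addFilter(Filter.lt("created", cutoff));
qo.addOrdering("created", true); // oldest first

// Projection search: fetch only the columns needed, without loading full objects.
List stuck = new ArrayList();
Iterator it = context.search(IdentityRequest.class, qo, "name,targetDisplayName,created");
try {
    while (it.hasNext()) {
        Object[] row = (Object[]) it.next();
        // request number | identity the request targets | creation date
        stuck.add(row[0] + " | " + row[1] + " | " + row[2]);
    }
} finally {
    // Release the underlying cursor even if iteration fails.
    Util.flushIterator(it);
}

// Nothing is modified; the rule only reports candidates for review.
return stuck;
```

The identities in the output are the ones to check for sticky entitlements once the listed requests have completed or been terminated and the refresh tasks have run.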