Restricting user to request only one entitlement from Manage Access

RajGopal · September 22, 2025, 11:56am

-Hi,

I am integrating one application, for that user can request only one entitlement at a time, we need to restrict the user to request multiple entitlements request in one go.

We wrote one script in provisioning policies create form if user request multiple entitlements, then it will return one error to user like (You can select request only one entitlement), up to this everything is fine.

But in Access request that request is in waiting state. Is there any way terminate the request without generating the Access request or rid of that waiting access request.

vijaysuddala · September 22, 2025, 12:50pm

Hi @RajGopal

we can restrict entitlement selection using a plugin that injects JavaScript into the Request UI. It checks if more than one entitlement is selected and shows a popup like ‘You can’t select more than one entitlement.’

if (selectedEntitlements.length > 1)

{
alert(“You can’t select more than one entitlement.”);
return false;
}

selvasanthosh · September 22, 2025, 3:39pm

Hi @RajGopal

To restrict users from requesting multiple entitlements at once and prevent the access request from staying in the waiting state:

Validate entitlement count in the Access Request Policy Rule and return an error if more than one is selected (“You can select only one entitlement”).
Use SailPoint’s Cancel Access Request API to automatically cancel the access request if the validation fails, preventing it from entering or staying in the waiting state.

This way, invalid requests are blocked upfront and any waiting requests are programmatically terminated.

Example approach:

In your policy rule, check entitlement count.
On violation, call the Cancel Access Request API for the current request ID to remove the waiting request.

This is the cleanest way to enforce your single entitlement request rule and avoid stuck access requests.

naveenkumar3 · September 23, 2025, 3:39am

I can also thing, there are 2 ways to do it. One is you make changes to the lcm workflow where you create a validation step. Which basically checks, if user selects multiple entitlements and click submit, then the workflow code check, if there are more than one entitlements selected for the application, it is should throw an error.

The other easier way will be via plugin.

Try it yourself anyone you want to proceed, if you want help with plugin or adding a validation step. Do let me know.

Topic		Replies	Views
Entitlement SOD, allow only one entitlement from an application IIQ Discussion and Questions	9	1667	July 19, 2023
Entitlement request IIQ Discussion and Questions identityiq	3	38	June 10, 2025
Access Requests with single and multi requests entitlements ISC Discussion and Questions identity-security-cloud , provisioning , access-requests	3	422	April 6, 2024
Is it possible to add multiple entitlement in single access request ISC Discussion and Questions identity-security-cloud , access-requests , entitlements	3	809	September 16, 2023
Limit entitlements selection in Access Request IIQ Discussion and Questions identityiq , access-requests	10	173	May 25, 2025

Restricting user to request only one entitlement from Manage Access

Related topics