Hi All,
Got (E1,E2,E3,E4) entitlements through access request. Based on detection Access profile 1 (E1,E2,E3) and Access profile 2 (E4) assigned to the account. How to revoke these access. Tried to revoke using access item certification, the access profiles are not showing up. How to revoke the detected access profiles?
By revoking the detected access profiles do you mean delete/remove all this entitlement from user ?
Because once an account have entitlements,the Access profile will continue to be detected (showing up).
Regarding revokation here the differents possibility that you have :
- Using Worfklow (You have manage access action that you can you to revoke any access items : role, access profiles, entitlements). This mainly use on JML Leaver process
- You can also you use Access Request API create-access-request | SailPoint Developer Community
Yes, I want to remove/revoke the entitlement from the user. The access items that are requested through the request center can be revoked. This is mentioned in the documentation. Here I’m trying to revoke or remove the entitlements (that are now groped under access profile through detection). Both the entitlements and access profiles are not showing in the access item certification. In the identity certification, certification generated and the approver can also able to revoke the access. But this is not reflecting in the accont and in the search also there is no certification happend.
With two provided solution in my previous comment you can revoke any access items (requested or detected).
In the first solution, what can I use for trigger? Workflow needs a trigger, right?
right. Trigger depend on your usecase.
Most usecases use identity attribute change trigger for managing access during leaver process.
Do you need just a manual action ? if yes using API action will be better
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.