Revoking all access based on identity attribute change


I am trying to create a workflow that revokes access based on an attribute changes. Both workflows run successfully, but nothing is being revoked.

I want to remove ALL access when the attribute changes.

I have tried both, but no access is being revoked. Please assist

1.) Workflow 1

2.) Workflow 2

Hi Dawn. Can you please provide more information?

  • Is the workflow failing, or is it succeeding but the access is not being revoked?
  • The manage access action submits access requests to revoke access. Are you seeing any access requests being created in request center to revoke the access? What about the access request status API?
  • Are you sure your get access action is retrieving the access you expect? Is it empty?
  • How are the get access and manage access steps configured? Screenshots would help.
  • Can you provide the execution log in a private message to me?

For the first workflow

1.) The workflow is succeeding , but the access is not being revoked.
2.) There are no access requests in the request center to revoke the access.
3.) I am getting all the access I am expecting, but when it goes to manage the access it is saying the identity isn’t found.
4.) I can send you the screenshots of how the get access and manage access steps are configured here:



5.) I can private message the logs.

For the second workflow
I reconfigured something, but I am unable to actually to test due to a parameter error that is being fixed.

Thank you

This is likely your issue. Can you please provide detailed screenshots of your loop configuration? Somehow, your loop is not passing the identity ID to the loop actions inside, so it is unable to revoke the access.

You have the wrong JSONpath for the identity in the Manage Access step inside your loop.

You have this: $
It should be this: $

More information on configuring the loop context can be found here: Operators - SailPoint Identity Services

After testing some access was revoked, but not all I am receiving three different error message.




Hi Colin,

Just an update I was able to achieve what I was looking for in terms revoking all access in reference to the solution you put here. Thanks again!


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.