Scheduled Removal of specific Entitlement(Test Group) from identities via workflow

baoussounda · August 7, 2025, 6:15pm

Yes, you can :

Use workflow schedule trigger
Search all identities with entitlement search “Test group” with HTTP Action, search endpoint, and filter like :

{
    "query": {
        "query": "@access((name.exact:\"Test Group\" AND type: \"ENTITLEMENT\"))"
    },
    "indices": [
        "identities"
    ],
    "includeNested": true,
    "sort": [
        "displayName"
    ],
      "queryResultFilter": {
    "includes": [
      "id",
      "displayName"
    ],
    "excludes": [
      "stacktrace"
    ]
  }
}

Then use loop operator and for each entry use Manage Access to revoke entitlement for each identity

Note: loop cannot have entry greater than 100, so ifyou have many entries,you can condiser this Alternative ways to match the limitation of worflow loop allowing 100 iterations - Identity Security Cloud (ISC) / ISC Discussion and Questions - SailPoint Developer Community

Topic		Replies	Views
Workflow - Remove Entitlements from selected source ISC Discussion and Questions workflows , identity-security-cloud , entitlements	19	2361	October 24, 2023
Entitlement removal workflow issue ISC Discussion and Questions workflows , identity-security-cloud , provisioning , entitlements	3	442	January 13, 2024
Workflow Remove Entitlements ISC Discussion and Questions workflows , identity-security-cloud , lifecycle-management , entitlements	9	182	November 22, 2024
Workflow - Remove entitlements when a identity turns inactive ISC Discussion and Questions workflows , identity-security-cloud , entitlements	14	331	April 13, 2025
Fetching specific entitlements in workflows ISC Discussion and Questions workflows , identity-security-cloud , provisioning , entitlements	8	170	October 13, 2024

Scheduled Removal of specific Entitlement(Test Group) from identities via workflow

Related topics