Hi,
I see the Segment feature works fine for users in the same segment. However, I see when we make request for on-behalf of others, where we can see the restricted users in the segment.
Is this a bug and do we have any solution?
Thanks,
joebinm
What you described is expected. Segments only apply to the requester, not the requested for. I encourage you to submit an idea though if you want it to behave differently. https://ideas.sailpoint.com
Thanks @colin_mckibben.
I am looking at solution to auto-deny the specific Access Request (say AP1) for the specific users (say EmpType=Contractor).
I am able to achieve this using Segment out of the feature. But on-behalf still allows to make request for anyone on anything.
Thanks,
joebinm
I understand the goal you are trying to achieve, but Segments currently doesn’t work the way you are wanting it to. Again, I encourage you to submit an idea so that our product team will be made aware of the ask.
In the meantime, one potential solution is to leverage the access request preapproval trigger to autodeny requests based on your criteria. You can watch my talk on how to use this particular trigger: Event Triggers: Getting Started and Advanced. You could also use a low code tool, like Workato, to setup the preapproval trigger. You can find our Workato connector here: Login to build your integrations, automations | Workato