Hello @vishal_kejriwal1 and @BCyr1 ,
thank you for your feedbacks so far! To recap:
- Add and Remove Access Items simultaneously is not possible
- Prevent Duplicate Access Item Requests the system automatically discards duplicates but only after the workflow has started. There is no standard OOTB feature to prevent this
-
- Account Activation/Deactivation is possible by following Request Handler Overview: Managing Accounts with Workflows - Content / Video Library - SailPoint Developer Community
The only point missing is the Entitlement removal. I think it would be possible in this way but I need your expertise to advise possible problems:
- Entitlement Removal Form. Create a custom Form in which is possible to select the target account.
- Within this Form, search for all entitlements associated to the target account and display them in a dropdown box. Make the entitlements selectable to the end-user
- “Recap for Approval Form”. Create a custom Form dedicated to approvers where they can see details like: the requester Identity, the target account and the target entitlements to be removed
- Create a custom workflow to start with a dedicated Launcher
- When started, the worflow presents the “Entitlement Removal Form” to the end-user.
- When the form is submitted, the workflow initiates an approval phase showing the “Recap for Approval Form” to the approvers with all the mandatory details
- Upon approval, the workflow calls SailPoint ISC APIs to remove the selected entitlements
Would this be correct?