Set the access profile’s expiration date using Workflow.
There is the possibility of intercepting a request and setting an expiration date. for example, will every request expire in 90 days?
Tks.
Best Regards
You could setup a workflow that triggers on an “Access Request Submitted” event. If the request is to grant access, and no remove date is specified, you could then immediately submit a new access request to revoke the access in question on a given date by specifying the removeDate.
Is that actually working ? Based on my experience, you cannot revoke something you do not have. So I would go with a post approval trigger and submit the revoke in that workflow.
1 Like
Ah, thanks for pointing that out Olivier. It makes sense to use the post approval trigger instead.
I think the after submission may be the right idea. I would cancel the first request instead of revoking, and submit a new one. You can possibly make some updates on your email templates to stop emails from generating when you hit this condition.
If you wanted to do the it afterwards, you can do an after decision or after provisioning. You would likely need to do a few API calls to determine the status before performing the revoke and resubmission.
The only item of caution would be the amount of chatter. I am not sure of the volume of requests in your environment, but I have experienced some stability issues when you get thousands of workflow instances in a very short timeframe.
After “Post approval” and if provisioning failed, is access would be granted and can be removed ?
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.