Hi Team,
I’d like to propose a feature enhancement for SailPoint IdentityIQ that I believe could be valuable to many of us in the community.
Current Limitation:
While IIQ currently supports date-based access expiry, it lacks native functionality for time-based access control—specifically, the ability to request access for a defined start and end time within a given day.
Client Use Case:
One of our clients required the ability to provision access only for a specific time window (e.g., from 2:00 PM to 6:00 PM on a certain date). This was especially important for short-term elevated access, shift-based access, and emergency scenarios. Unfortunately, since this isn’t supported out of the box, we had to implement it via a custom workflow that captures and evaluates time in addition to the date.
Why This Matters:
- Industries like healthcare, finance, and IT operations often require fine-grained access control for security and compliance.
- Access should be automatically revoked not just by date but by the exact time when it’s no longer required.
- Avoids the need for ongoing custom development or manual cleanup.
Proposal:
It would be great to have native support in IdentityIQ for time-bound access requests, including:
- Start date & time
- End date & time
- Integration with provisioning and de-provisioning logic
- Reporting and certification support for time-bound roles/entitlements
Happy to share more about our implementation or collaborate with anyone facing similar needs.
Looking forward to the community’s feedback and thoughts!