Is anyone aware of how ISC can be ‘configured’ to only deprovision role / AP / entitlements after a pre-configured hour on the sunset date? e.g. Sunset date is set to today, but should not be deprovisioned (or attempt to deprovision) until after office-hour, but has to be completed before midnight.
From UI, it is only date.
But from API, you can set time as well for sunset.
So no configuration available then?
From the API perspective, can the sunset ‘time’ be modified on an approved request? (or modified at any time after the request is submitted from the GUI)
i.e. I only see an API to submit new access request with deprovisioning time. But I don’t see a way to modify GUI-submitted access requests. Maybe I’m not looking in the right place?
You need to submit request through API to set the sunset with a specific time.
Thanks, I’m already aware of that (see my comment before your reply).
Not a viable route for OOTB GUI-based end-user submitted access requests, unless you’re saying the submitted request can be modified via API (if so, which API?). There’s no PATCH operation against Access Request.
I believe you can modify an approved request via API.
You just need to send a request with REVOKE_ACCESS
and include the removeDate
in the body. This way, the deprovisioning date will be updated.
create-access-request | SailPoint Developer Community
This sounds so wrong in my head from an audit perspective. …but I’ll look into it. Thanks.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.