What is the revocation phase?

Which IIQ version are you inquiring about?

8.3

Hello
I hope this question isn’t too silly.

Can someone help me understand what revocation is and what should happen during the revocation phase?

We are adding a challenge phase to our certifications and have tried automatic closing with revoke as an action. We’ve tried this with and without the revocation phase enabled. The message always say that the role has been revoked but was not removed. The role is always removed and I am left scratching my head.

Thanks in advance for any help on understanding what is going on.

Hi @ralfonse ,

When the Revocation period is enabled, the Perform Maintenance task continuously monitors remediation requests throughout the entire duration of the Revocation period.
If the Revocation period is not enabled, remediation requests are submitted for processing but are not tracked.

Ensure that the “Scan for completed revocations” option is enabled in the Perform Maintenance task. By default, this scan runs at a one-day interval.

If you do not complete the aggregation or remediation scan within the Revocation period, you will receive the message: “Item was revoked but has not been removed.”

Does this mean it reaches the end phase, but doesn’t really end, it kicks of revocation phase which could last x amount of time?

Once the time is up it will process what has been decided during the certification process?

And if no revocation period is set it will process the decisions in the certification phase when it reaches the end phase, but not track it?

It is super confusing.

Hi @ralfonse ,

Does this mean it reaches the end phase, but doesn’t really end, it kicks of revocation phase which could last x amount of time?
The End phase is the final phase of the certification process in SailPoint IIQ. If the Revocation period is enabled, the access review will enter the End phase only after the Revocation period has been completed.

Once the time is up it will process what has been decided during the certification process?
The aggregation or remediation scan is not completed within the designated Revocation period, you will see the message: “Item was revoked but has not been removed.”

And if no revocation period is set it will process the decisions in the certification phase when it reaches the end phase, but not track it?
if revocation period is not enabled, remediation requests are submitted for processing but are not tracking. they will be considered as revoked, meaning that the system assumes the necessary actions have been completed, without further tracking or follow-up

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.