Workflow - Cancel Pending Access Requests of a User

Hi All,

Is to possible to cancel all pending access requests of the user via a workflow?

Use case:

  • When the user lifecycle state is changed to inactive (e.g leaver)
  • Workflow makes HTTP request to IDN to retrieve all pending access requests of the triggered identity
  • Using a loop, another HTTP request to IDN to cancel their pending requests

First, using this API call to find the access request status of the triggered identity list-access-request-status | SailPoint Developer Community but I am not sure what would be the possible values for RequestedItemStatusRequestState.

Then another API call to cancel the access requests cancel-access-request | SailPoint Developer Community or close access request close-access-request | SailPoint Developer Community of the triggered identity.

Can you please help me with the steps and details needed for each HTTP Request action?


You can use Pending Access Requests beta API with filter eq ID_FROM_TRIGGER and iterate through the array using loop where you can send a HTTP request to cancel the access request.

1 Like

Hi Noor!

I would set up a workflow with firstly a HTTP call as input to a loop:

HTTP Request 1:

GET {{baseUrl}}/v3/access-request-approvals/pending? eq "{{$}}"

This way you will get all pending approvals for the specifik identity using filter:

This HTTP request becomes the INPUT for a LOOP.

Inside the Loop, configure a 2nd HTTP request:

HTTP Request 2:

POST {{baseUrl}}/v3/access-request-approvals/{{$}}/reject


  "comment": "Automatic rejection of pending requests for leaver identity"

This HTTP request will reject every pending access object in the list that you fetched before the Loop, for the specific identity.

Might be good to have some null checking before the very first HTTP request as well to avoid errors :slight_smile:

I believe these 2 HTTP requests is all you need for the use-case. You can add some “Send Email” actions wherever you wish for better clarity.

Hope it helps!


@Swegmann and @iamology

Thanks for your help with this. Appreciated!

I’ve successfully tested this workflow in sandbox.

@Swegmann I had to use a loop and the workflow runs successfully regardless whether the HTTP request has got a null value.


Hi @nhassan ,
Could you please provide the steps of the workflow?

Hi @polaraojalligampala

Screenshot of the steps and JSON script of the workflow are attached.

You can use this template and change these details accordingly (i.e tenant name, client ID and client secret in your HTTP Request action.

RejectLeaversPendingAccessRequests20240424.json (3.0 KB)