Access Package Management

An access package is a bundle of all the resources with the access a user needs to work on a project or perform their task. Access packages are used to govern access for your internal employees, and also users outside your organization.

Microsoft Entra ID access package management can help you manage access to Groups & Teams, Applications, and SharePoint Online sites as a bundle.

The following operations are supported for the Microsoft Entra ID access packages object type:

Aggregation of custom access package objects (a combination of access package and policy) as a separate group type.
Aggregation of user membership to access packages during account aggregation.
Add and Remove access packages entitlements to users.

Administrator Permissions

Purpose	Permission Type	Permissions
Aggregate Access Packages	Application	EntitlementManagement.Read.All
Read Access Packages entitlements for Accounts	Application	EntitlementManagement.Read.All
Add and Remove Access Packages for Accounts	Application	EntitlementManagement.ReadWrite.All

For more information on the required permissions, refer to Required Permissions

Supported Schema Attributes

To manage the Microsoft Entra ID access package objects, ensure that the attributes in Access Package Attributes are present in the group schema.

To aggregate access packages assigned to the user during account aggregation, ensure the accessPackages attribute is present in account schema. This attribute lists the access packages assigned to the user.

Note
The Microsoft Entra ID connector provisions accessPackage entitlements only through admin context. Therefore, the approval settings configured in the assignment policy does not get triggered.

Configure Access Packages in Source

Go to Feature Management.
Select Manage Access Packages to turn this feature on or off. When this is turned off, you see a black X. If it is turned on, you see a blue ✔. The default is off.
Select the Manage Hidden Access Packages checkbox to manage access packages hidden from end users in the My Access portal.
Select Save.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Access Package Management

Administrator Permissions

Supported Schema Attributes

Configure Access Packages in Source

Documentation Feedback