Skip to content

Managing Access Profiles

Access profiles are bundles of entitlements representing specific sets of access. For example, you may have one access profile that grants users read-only access to part of a system, and another access profile that grants users editing access on a wider part of that system.

Creating an Access Profile

Prerequisite: Load accounts and entitlements from at least one source.

To create a new access profile:

  1. From the Admin interface, go to Access > Access Profiles.

  2. Click New.

  3. Enter a Name and Description for your access profile.

    Best Practice

    Be sure the name and description of your access profiles are user-friendly and easy to understand. Certification and access request reviewers will use this description to make decisions about whether a user should have this access profile, and a detailed description will improve the quality and speed of their decisions. The character limit for this description is 2000 characters.

  4. Choose the source that contains the entitlements you want to use in this access profile.

  5. Select an owner for your access profile. If you have the Access Request service enabled for your site, the access profile owner can be configured to review access requests.

  6. If necessary, configure an approval process for your access profile. This option only appears if you have the Access Request service.

  7. In the Entitlements section, search for entitlements from the source you selected in step 4, and select them to add them to this access profile. Add at least one entitlement to your access profile.

  8. Select Save. The access profile appears in your list of access profiles. You can select the access profile to view the entitlements it contains at any time.

Editing Access Profiles

You can make changes to the name, description, and owner of any access profile in your site.

Prerequisite: Create at least one access profile

To edit an existing access profile:

  1. From the Admin interface, go to Access > Access Profiles

  2. Select the name of the access profile you want to edit.

  3. Make all applicable changes and select Save.


It is not possible to edit the entitlements in an access profile after it's created. You can create a new access profile with the entitlements you need.

Deleting Access Profiles

If you create an access profile and later decide you don't need it, you can delete it from IdentityNow. Deleting an access profile does not remove those entitlements from your system.


If your access profile is being used in any provisioning actions, including access requests, lifecycle states, or roles, you must remove it from those items before deleting it.


  • At least one access profile has been created
  • This access profile has been removed from any applicable provisioning configurations

To delete an access profile:

  1. From the Admin interface, go to Access > Access Profiles.

  2. Select the checkbox beside the access profiles you want to delete.

  3. Open the Menu icon and click Delete.

    A warning is displayed that reminds you to remove the access profile from provisioning configurations.

  4. Select Continue.

The access profile is deleted and removed from your list of access profiles.


If you delete an access profile after creating a certification campaign, the access profile will still appear in your certification.