Skip to content

Discovering Common Access

Access Modeling helps IdentityNow administrators discover and manage access that is common across an organization and not tied to a specific job function. Bundling common, or birthright, access into roles that can be assigned to large groups of employees improves your access model by enabling:

  • Faster and more efficient onboarding
  • Fewer access requests and certifications of non-risky items
  • More relevant insights and suggestions from Role Discovery and Access Request Recommendations


The entitlements included in common access roles are excluded from future Role Discovery and Access Request Recommendations processes.

IdentityNow users can discover new common access roles in the following ways:

Confirm Discovered Common Access Roles After Signing In

  1. Sign in to IdentityNow. When SailPoint has discovered common access roles, admins receive a notification.

  2. In the notification, select Confirm common access to see the discovered common access roles.

  3. Deselect the Common Access checkbox for any roles you do not want to designate as common access.

  4. Select Confirm. SailPoint will check to see if there are any more common access roles and display them.

Discover Common Access Roles During Role Discovery

IdentityNow users can select the Discover Common Access Roles option when they discover roles starting from either Role Insights or Search.

Manually Designate an Existing Role as Common Access

You can designate an existing role as common access on the role page (Admin > Access Model > Roles > <role name>) by selecting the Common Access checkbox.

You can also designate an existing role as common access using the IAI Common Access API.