Skip to content

Reviewing access requests

Depending on how your org is configured, you may be asked to review requests for access and access removals. When a request is approved, the user’s access for an application, role, or entitlement is granted or removed, depending on the type of request. If you deny a request, the approval process stops, and no access is granted or removed.

Reviewing requests

When you need to review a request, you will receive an email notifying you that it's ready for your review.

Note

If someone else in your governance group has already reviewed an access request, it will disappear from your list. Only one person per group needs to approve or deny access.

  1. From the navigation menu, select Approvals to open your requests.

    Access Request Approvals screen capture showing requested items cards

    Tip

    Pay attention to the words Grant or Remove next to the role name to stay aware of whether you are approving new access or approving the removal of access.

  2. In the Requested tab, select a request card to review details about the request.

    Tip

    Depending on your tenant’s configuration, additional data may display in access requests that can be used to help inform your decisions. For example, the following data may be available in requests for entitlements and access profiles:

    • Popularity - The percentage of the identity's team members who have this access.
    • Usage popularity - The percentage of the identity's team members who have used this access item's source in the past 90 days. This data is updated every 4 hours.
  3. Select Approve or Deny.

    If you believe someone else is better suited to review this request, select Reassign to reassign the request to them.

When you approve a request, the following can occur:

  • If the request requires multiple reviewers, it is sent to the next reviewer in the queue.
  • If you're the last reviewer in the review process for this request, the user's access is added or revoked, depending on the type of request.

If you deny a request, you may be prompted to enter the reason you are denying the request.

After you deny a request, the approval process ends. Even if there are multiple reviewers in the queue, only one reviewer needs to deny access to stop the process.

If your administrator has configured an escalation policy, you may receive reminder emails until you review the request. The request may be reassigned to another reviewer, such as your manager, if you do not review it within the time designated in the policy. Contact your administrator for more information.

To view access requests you've already approved or denied, select the Reviewed tab. Select a request to view its details, your comments, the original requester's comments, and any reassignment-related comments.

Reassigning requests

You may need to reassign requests to another user if they are better suited for that approval. You can reassign requests to ensure users get access to the data and applications they need.

  1. Select Approvals from the navigation menu.

  2. In the Requested tab, locate the request you want to reassign and select Reassign.

  3. In the Reassign To field, enter the name or email address of the new reviewer.

  4. In the Add Comments field, enter the reason you're reassigning this access request to the new reviewer or any other comments related to the request.

  5. Select Reassign to reassign the request.

The new reviewer will receive an email that the access request has been reassigned to them.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.