Working with access requests
You can use access requests to gain access to apps or business roles. With an approval process that kicks off automatically, you can quickly access the systems and apps you need to perform your job. You can even request access for new teammates or employees.
You can request access to the following:
- Roles - A bundle of access based on your position in your company. For example, if you are an accountant, you can request access to the Accountant role.
- Entitlements - Access rights, such as group memberships or access permissions, granted to a user. For example, you can request to be added to a specific distribution list or Active Directory group in your organization to receive the access permissions granted to that group.
- Access Profiles - Depending on your org's configuration, you may be able to submit access requests for access profiles. An access profile is a bundle of access entitlements that represent a specific set of access. For example, if you are an engineer and need access to Jira, you may select the Engineering access profile to gain the required entitlements.
-
Applications - A set of access related to a specific application within your company. When you request access for an app, you’ll be asked to select an access profile.
Note
If the access profiles list is empty, you may not be configured to use access profiles on that app.
Requesting access
-
Select Request Center from the navigation menu.
-
Select who you are requesting access for. Depending on your configured permissions, you may have the following options:
-
Request for Myself - Make an access request for yourself.
-
Request for Your Team - Make an access request on the behalf of your direct reports.
-
Request for Others - Make an access request on behalf of someone in your org. Choose the identities who need this access from the Select Identities dropdown list. Inactive identities, such as identities who are on leave or who have left your organization, may not appear in this list. Select Request Access to continue.
Note
If you only have permission to request for yourself, you do not need to choose who to request access for and will go directly to step 3.
After you’ve added all identities, select Request Access to continue.
-
-
On the Request Access Page, select items for your request. Use the left navigation to choose the type of items to view:
-
Applications - Choose an application, then select the access profiles you want to request for that application.
-
Access Items - Select from a combined list of Roles, Entitlements, and Access Profiles, or select one of these subcategories to narrow your search.
-
If your organization has the Recommendations service, select Recommended from the left panel to view your recommended access items. The Recommended option only displays if you’re requesting access for yourself and there are active recommendations. You can request or ignore a recommendation.
Use the search field at the top of the page to search for applications or access items. You can search by any set of characters from the item's name or description. Additionally, on the Access Items page and its sub-pages, you can search by source name or application name.
-
Entering a source name or partial source name returns all entitlements and access profiles associated with that source.
-
Entering an application name or partial application name returns all access profiles associated with that application.
Select Details on a card to view more information.
A running count of your selected items appears just below the search field. You can switch between viewing the full list of options and reviewing just those you have selected using the View toggle.
If you want to adjust the list of identities you are requesting access for, select the Pencil icon in the header, then add or remove people.
-
-
If you are using the Recommendations page, choose your options and then select Request. If you would like to dismiss any recommendations, select Ignore.
Add comments as required and select Submit to submit each request.
-
If you are using the Applications or Access Items pages, use the Select button to add any item to your request.
-
If you request access to an application, select the appropriate access profiles on the access items panel, then select Save Selections.
-
If the request requires a comment, add a comment about the request to help reviewers understand why this access is needed. Select Save to save your comment.
-
When you have selected the applications and access items you need, use the Review Request button at the upper right to review your selections.
Note
You can request access for multiple access objects at once. Entitlements are limited to 25 at a time for up to 10 users, but there is no limit for roles or access profiles.
- Use the review page to verify or adjust your request, then select Submit Request.
-
-
(Optional) If you are using the Applications or Access Items pages, you can set an expiration date for the access.
When an item has been requested with an expiration date, you can change that expiration date by submitting another access request with a different expiration date. The most recent request will supersede the prior one. You can also edit this date on the My Team page or My Access page to initiate a request for a date change.
Expiration dates and deprovisioning
For requests submitted through the user interface, Identity Security Cloud automatically starts the deprovisioning process on the expiration date at 12:00 AM, in the time zone defined in the requester’s browser settings.
- Expiration dates can include a time component when they are submitted through Identity Security Cloud’s API with the Submit an Access Request endpoint. The time is included as part of the
removeDate
attribute.
If Identity Security Cloud is directly connected to the source system, the access is automatically deprovisioned.
- The expiration date is not sent to the source system as an account attribute.
If Identity Security Cloud is not connected to the source system, a manual task to remove this access is created and assigned to the source owner.
- Expiration dates can include a time component when they are submitted through Identity Security Cloud’s API with the Submit an Access Request endpoint. The time is included as part of the
-
Once you submit a request, the confirmation page includes the Submit another request button that returns you to the Request Access page. From there, you can submit another request for the same audience or review your request.
-
You can adjust the list of people you are requesting for using the Pencil icon .
-
On the Request Access page, view your submitted requests by selecting My Requests from the left navigation. To cancel a pending request, select Cancel for that request.
-
The system validates the access request and sends the requester an email identifying which requests were successfully and unsuccessfully submitted. For example, if you request access for an access item you've already been assigned, that specific request will not proceed forward. If requests for other items in that access request were successfully submitted, those requests will move forward.
If your request does not require approval, you may receive access immediately. This may take longer if the access must be manually provisioned.
If your request requires approval, the request is sent to a reviewer or multiple reviewers. Each reviewer must approve your request before you are granted access. Your administrator may configure your org to reassign your request to another reviewer if the assigned reviewer does not review it by a set time.
Items in a request are individually provisioned as they are approved and can be canceled without affecting other items in the request.
You will receive an email when your request is approved or denied. If your request is denied, you can contact the reviewer who denied the request for more information.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.