Identity Cloud

Request to remove access

Managers can remove access from their direct reports through a remove access request for accounts (applications), roles, and entitlements.

When a manager submits the remove access request, the approver(s) of the resource approve or reject the remove access request.

To submit a remove access request:

  1. Log in to the Identity Cloud End User UI and navigate to My Directory > Direct Reports.

    For more information on this screen, refer to direct reports.

  2. Click any of the following tabs:

    1. Accounts (applications)

    2. Entitlements

    3. Roles — For roles, if the Assignment column has the value of rule-based, you can’t request to revoke the role.

  3. Click the ellipsis icon () next to the desired resource, and click Revoke.

  4. Next, fill out the following fields:

    1. Justification — Enter a reason for revoking access to the selected resources.

    2. Priority — Select one of the following:

      The priority levels don’t affect how Identity Governance processes requests. Your organization determines the value assigned to the request.
      • Low

      • Medium

      • High

    3. Apply Expiration Date — Optional. Expire (cancel) the remove access request if the approver(s) haven’t approved or rejected it by the specified date.

  5. Click Submit Request.

Copyright © 2010-2024 ForgeRock, all rights reserved.