Request to remove access
Managers can remove access from their direct reports through a remove access request for accounts (applications), roles, and entitlements.
When a manager submits the remove access request, the approver(s) of the resource approve or reject the remove access request.
To submit a remove access request:
-
Sign on to the Advanced Identity Cloud end-user UI and navigate to My Directory > Direct Reports.
For more information on this screen, refer to direct reports.
-
Click any of the following tabs:
-
Accounts (applications)
-
Entitlements
-
Roles — For roles, if the Assignment column has the value of rule-based, you cannot request to revoke the role.
-
-
Click the ellipsis icon () next to the desired resource, and click Revoke.
-
Next, fill out the following fields:
-
Justification — Enter a reason for revoking access to the selected resources.
-
Priority — Select one of the following:
The priority levels don’t affect how Identity Governance processes requests. your company determines the value assigned to the request. -
Low
-
Medium
-
High
-
-
Apply Expiration Date — Optional. Expire (cancel) the remove access request if the approver(s) haven’t approved or rejected it by the specified date.
-
-
Click Submit Request.