Change lifecycle settings for an access package in Azure AD entitlement management

As an access package manager, you can change the lifecycle settings for an access package at any time by editing an existing policy. If you change the expiration date for a policy, the expiration date for requests that are already in a pending approval or approved state will not change.

This article describes how to change the lifecycle settings for an existing access package.

Open requestor information

To ensure users have the right access to an access package, custom questions can be configured to ask users requesting access to certain access packages. Configuration options include: localization, required/optional, and text/multiple choice answer formats. Requestors will see the questions when they request the package and approvers see the answers to the questions to help them make their decision. Use the following steps to configure questions in an access package:

Open lifecycle settings

To change the lifecycle settings for an access package, you need to open the corresponding policy. Follow these steps to open the lifecycle settings for an access package.

Prerequisite role: Global administrator, Identity Governance administrator, User administrator, Catalog owner, or Access package manager

  1. In the Azure portal, click Azure Active Directory and then click Identity Governance.

  2. In the left menu, click Access packages and then open the access package.

  3. Click Policies and then click the policy that has the lifecycle settings you want to edit.

    The Policy details pane opens at the bottom of the page.

    Access package - Policy details pane

  4. Click Edit to edit the policy.

    Access package - Edit policy

  5. Click the Lifecycle tab to open the lifecycle settings.

Lifecycle

On the Lifecycle tab, you specify when a user's assignment to the access package expires. You can also specify whether users can extend their assignments.

  1. In the Expiration section, set Access package assignments expires to On date, Number of days, Number of hours, or Never.

    For On date, select an expiration date in the future.

    For Number of days, specify a number between 0 and 3660 days.

    For Number of hours, specify a number of hours.

    Based on your selection, a user's assignment to the access package expires on a certain date, a certain number of days after they are approved, or never.

  2. Click Show advanced expiration settings to show additional settings.

    Access package - Lifecycle Expiration settings

  3. To allow user to extend their assignments, set Allow users to extend access to Yes.

    If extensions are allowed in the policy, the user will receive an email 14 days and also one day before their access package assignment is set to expire, prompting them to extend the assignment. The user must still be in the scope of the policy at the time they request an extension. Also, if the policy has an explicit end date for assignments, and a user submits a request to extend access, the extension date in the request must be at or before when assignments expire, as defined in the policy that was used to grant the user access to the access package. For example, if the policy indicates that assignments are set to expire on June 30, the maximum extension a user can request is June 30.

    If a user's access is extended, they will not be able to request the access package after the specified extension date (date set in the time zone of the user who created the policy).

  4. To require approval to grant an extension, set Require approval to grant extension to Yes.

    The same approval settings that were specified on the Requests tab will be used.

  5. Click Next or Update.

Next steps