Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Issue adding users and groups to access package policies
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 26%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZT%3C/text%3E%3C/svg%3E)
Zach T
0
Reputation points
Within each access package is a policy. Within the policy is "Users who can request access" to the access package. There are times that we need to add new groups or user to the "Users who can request access" so that they can request the package. We update the policy with a new group or directly to the user. In the past this would work and show up for the user pretty quickly in their My Access to be able to request. Recently, this hasn't been working at all. New assignments to "Users who can request access" stick, but the user cannot see the access package in their My Access.
The access package is not part of a catalog, the policy is assigned to internal users, "Self" is checked under "Who can request access", it is enabled and not expired.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
Gudivada Adi Navya Sri 21,095 Reputation points Moderator2026-02-04T07:13:58.58+00:00 Hi Zach T
An access package will only appear in My Access → Available if it meets all visibility conditions, including being associated with an enabled catalog. Visibility evaluation starts at the catalog level and only then evaluates access package policies.
In this case, although the policy configuration is correct (enabled, not expired, “Self” selected, and users/groups added under Users who can request access), the access package is not part of a catalog. As a result, the package is not discoverable in the My Access browsing experience.
This is expected behaviour and is documented here: https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-visibility
if browsing visibility is not required, users can still request access using a direct My Access link as you already enabled https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-settings
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 28.000000000000004%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKZ%3C/text%3E%3C/svg%3E)
Kaient Zintan 0 Reputation points2026-02-05T14:27:51.84+00:00 We have sameissue .. Our packages are created with policy and everything including catalog to be visible , self checked , enabled etc.. All in place as is automated process.
New packages or Adding a new group to an existing package that is already visible wont display for new group or users added under my Access.
The only work around to get it to display is to manually process the package for each new user(does not support groups) that will enable them access , i then remove it and magically the package is visible to them to request.
This certainly looks like a bug on MS side as it started probably around December 2025
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 22%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETG%3C/text%3E%3C/svg%3E)
Thanmayi Godithi 10,110 Reputation points Microsoft External Staff Moderator2026-03-13T17:33:57.63+00:00 Hey @Zach T, it sounds like you're facing an issue with users not being able to see access packages in their "My Access" portal even after adding them to the policy. Here are some steps and considerations that might help you troubleshoot this situation:
- Access Package Visibility: Even though you've correctly set up the policy (enabled, not expired, and groups/users added under "Users who can request access"), it's important to note that access packages will only be shown in "My Access" if they are part of an enabled catalog. If your access package is not associated with a catalog, it won’t be discoverable, which can lead to users not seeing it.
- Direct Access Link: If browsing visibility isn’t a requirement, you can still allow users to request access via a direct link to the access package in "My Access." This might be a temporary workaround until the browsing issue is resolved.
- Propagation Time: Sometimes changes can take a little while to propagate through the system. After making changes, give it some time (up to a few hours) and check again.
- Manual Workaround: As you mentioned, manually processing the package for new users temporarily fixes the visibility issue. This behavior might indicate a bug or a delay in the system’s recognition of new group assignments.
- Cached Information: Check whether there's any cached data on the user’s side that may be affecting visibility. They can try logging out and back in or refreshing their My Access portal.
- Permissions Check: Ensure that the users/groups you're adding have the necessary permissions to view the access package. A problem with permissions can also prevent visibility.
If the issue persists, it may be beneficial to touch base with Microsoft support or consult the following documentation for more insights:
- Microsoft Entra Entitlement Management – Access Package Visibility
- Request an Access Package
- Hide or Delete Access Package
Hope this helps! Let me know if you have any further questions or need more assistance!
Sign in to comment
Sign in to answer