Access Review for application Entitlements need Manager approval and Entitlement Owner approval

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

8.4

I Need some inputs for Certifications. Access Review should go to Manager approval and Entitlement Owner approval for specific application.

Can you please suggest which certification meets this requirement?

If possible, let me know the process to do to meet my requirement.

2

Hi @Venkatesh0510 ,

you can use sign off approver rule in certification to achieve this.

3

Hi @Chathurya ,

Thanks for the response.

Can i Use Manager Certification for Manager approval and use signoff approver rule for entitlement owner approval?

4

Hi @Chathurya ,

Can you please suggest me which certification type meets my requirement?

5

Hi @Venkatesh0510 ,

you can use the manager certification , and use the sign off approver rule to include another level of access review from entitlement owner. But when the entitlement owner views the access request , he will able to see the decisions taken by manager previously and act accordingly.

Below is the sample code to include another level of access review by entitlement owner.

import org.apache.log4j.Logger;
  import sailpoint.object.Certification;
  import sailpoint.object.Identity;
  import sailpoint.object.EntitlementSnapshot;

  import sailpoint.object.CertificationItem;
  import sailpoint.object.CertificationEntity;

  import java.util.List;
  import java.util.ArrayList;

  import sailpoint.object.QueryOptions;
  import sailpoint.object.Filter;

  import sailpoint.object.ManagedAttribute;

  import sailpoint.tools.Util;


  import java.util.Map;
  import java.util.HashMap;

  String appName =  "LDAP App"; // App Name 

  if(certification!=null){

    List history = certification.getSignOffHistory();

    if(history!=null && history.size()<=1){

      List entities = certification.getEntities();

      if(entities!=null && !entities.isEmpty()){

        for(CertificationEntity entity : entities){

          List items = entity.getItems();

          if(items!=null && !items.isEmpty()){

            for(CertificationItem item : items){

              List apps = item.getApplicationNames();

              if(apps!=null && apps.contains(appName)){

                String itemType = item.getType().toString();

                if(itemType!=null && itemType.equalsIgnoreCase("Exception")){

                  EntitlementSnapshot entitlementSnapshot = item.getExceptionEntitlements();

                  if(entitlementSnapshot!=null){

                    String attributeValue =  entitlementSnapshot.getAttributeValue();

                    if(attributeValue!=null){

                      QueryOptions qo = new QueryOptions();

                      qo.addFilter(Filter.eq("value",attributeValue));

                      Iterator iterator = context.search(ManagedAttribute.class,qo);

                      while(iterator!=null && iterator.hasNext()){

                        ManagedAttribute managedAttribute = (ManagedAttribute) iterator.next();

                        Identity entitlementOwner = managedAttribute.getOwner();

                        Map map = new HashMap();

                        map.put("identity",entitlementOwner);
                        
                        return map;

                      }

                    }

                  }
                }

              }
            }

          }

        }

      }

    }
    
  }

    return null;