I’m trying to create an advanced policy. I’m using a rule to define the violation due to advanced logic for the violation. I’m able to create the violation. The problem I’m having is trying to remediate the violation. Since the violation is a collection of AD groups, I’d like to have IIQ prompt the user to remove one or more of the violating entitlements. This process works for the EntitlementSOD, but I can’t seem to get it to work for the Advanced SOD. In the policy rule, I’m adding the relevant Apps and the Violating Entitlements.
I noted that by default the EntitlementSOD template contains the certificationActions of Remediated,Mitigated,Delegated, and the Advanced template does not contain Remediated. I tried adding Remediated to the certificationActions in my advanced Policy object, but that’s only allowing me to create a manual work item and not select entitlements for de-provisioning.
Is it even possible to do what I’m trying to do? I feel like I have all of the data required and the XML for the Entitlement and advanced policy violation look the same, but I’m not sure if this is just a shortcoming of the advanced policy. Any help would be greatly appreciated.