Advanced Policy remediation

I’m trying to create an advanced policy. I’m using a rule to define the violation due to advanced logic for the violation. I’m able to create the violation. The problem I’m having is trying to remediate the violation. Since the violation is a collection of AD groups, I’d like to have IIQ prompt the user to remove one or more of the violating entitlements. This process works for the EntitlementSOD, but I can’t seem to get it to work for the Advanced SOD. In the policy rule, I’m adding the relevant Apps and the Violating Entitlements.

I noted that by default the EntitlementSOD template contains the certificationActions of Remediated,Mitigated,Delegated and the Advanced Template does not contain Remediated. I tried adding Remediated to the certificationActions in my advanced Policy object, but that’s only allowing me to create a manual work item and not select entitlements for de-provisioning.

Is it even possible to do what I’m trying to do? I feel like I have all of the data required and the XML for the Entitlement and advanced policy violation look the same, but I’m not sure if this is just a shortcoming of the advanced policy. Any help would be greatly appreciated.

Hi Team,

Any help on thoughts on this ?

@guduru510 yes advance policy does not give the selection option this is draw back only. with cert you can user rule in remediation or another rule for whatever stage u want to use then you can do that.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.