Certification campaign only on manually requested rights

Hello all,

I am trying to set up a certification campaign using the search feature to only target some privileged Roles/Access Profiles.
As some Roles can be either automatically granted through rules or manually requested, I would like to target only the manual requests in this certification campaign.

Any idea how I can achieve this?

Thanks

In my experience, which I documented in my linked topic, if you run an access item campaign against a specific access profile, identities that were assigned that access profile automatically via a role are not included. Hope this helps.


Hi Mark, thanks for the input.
Indeed, targeting Access Profiles only returns non-birthright access, thus no AP provided through Roles.

I was wondering if we could somehow do the same at the Role level. As the certification campaign does have the flag “birthright access” displayed, we might be able to exclude those.

Hi all,

I could not find any way to start a certification campaign only on non-birthright access.
My workaround was to create a workflow that will automatically acknowledge all access that is birthright using the revocable attribute.

I submitted a request for this feature in the ISC portal: https://ideas.sailpoint.com/ideas/GOV-I-4020

David,

As a workaround, you can use tags to set a flag for Birthright roles and then use a search query to certify only non-birthright roles.

Also, you can use the query below if Birthright roles are not requestable.

requestable:true

Thanks.
