Hey everyone! I’m diving into SailPoint ISC certification campaigns and specifically looking at how to implement granular ‘rules’ for campaign scope. For those familiar with IdentityIQ, you know how powerful custom rules were for this.
ISC’s approach seems to differ, so I’m curious: What are the most effective ways you’ve found to apply complex, rule-based logic to define what gets certified? I’m exploring Campaign Filters and Search-Based Campaigns, but would love to hear any other strategies or experiences you’ve had. Let’s discuss best practices!
Hi @kselvaraj - great question. I’d been where you are when I transitioned from IIQ to ISC.
One of the key ways ISC differs in its approach from IIQ is how solutions are designed. ISC encourages standardization and simplicity, which is in stark contrast to the way of working with IIQ, which promotes customizability.
As such, ISC “misses” a lot of those features like certification rules from IIQ, but instead provides standardized alternatives like the ones you mentioned: Certification Campaign Filters, Search-based Campaigns and also Workflows.
The best practice therefore is to try and achieve what you could via rules through the use of these low/no-code tools. If you absolutely cannot achieve your certification requirements through these OOTB means, the best alternative is to create a custom solution through the use of SailPoint’s REST APIs and a scripting tool like PowerShell SDK.
You could benefit from this community if you can share your specific requirements for the certification you’re trying to implement; perhaps there are ideas you might get from the answers here.
Thank you @sushantkulkarni. Given that I don’t have a concrete requirement to solve just yet, I’m purely in exploration mode. How have others approached implementing complex, rule-based campaign filtering in ISC? I’d really appreciate any insights or experiences you’ve had in this area as we’re just gathering information on available options.
In a lot of cases, when your clients/customers choose to move to ISC, they will be open to certain process changes when it comes to some of the governance activities like certifications.
The best-case scenario would be to model the certification design through the use of OOTB features available with filters, search queries or workflows, and enforce process changes where necessary.
But it isn’t always possible for some organizations to change existing processes at short notice, or ever. In those cases, and if you absolutely cannot achieve the certification requirements with OOTB features, you can explore certification through REST APIs and external scripting, like via PowerShell. You’d still be limited to what REST APIs can let you do, but gain some additional flexibility.
Yes, absolutely. We want to set up User Access Reviews (UARs) for our JDBC application where the UAR is triggered or scoped when position details change. Our goal is to perform UARs based on specific value-based criteria for these identities.
Has anyone else implemented something similar for JDBC sources or for UARs driven by identity attribute changes (like position details)? Any insights on best practices, challenges, or alternative approaches would be greatly appreciated!