We are exploring the available options to customize certifications in ISC. However, we have not been able to make these customizations through the UI, and the official documentation does not provide clear guidance. Any reference links or your inputs on the following points would be greatly appreciated.
Kindly note that, I am trying to configure the options that are available in IIQ to implement in ISC.
How can we specify an owner for a certification?
Where can reminders and escalations be configured?
Is it possible to write a certifier rule to fetch the certifier from an identity attribute?
How can we implement all the rules like signoff, exclusion, …
Certification owners in ISC are determined during campaign setup.
Available owner options are:
Manager (line manager of the identity, based on the Manager attribute)
Source Owner (based on the source you select)
The system automatically assigns the certification to the selected owner type.
Custom certifiers based on other identity attributes are not supported in Manager or Source Owner ceritification. But custom certifiers is possible in search based certification campaigns.
2. Reminders and Escalations
Reminders are system-driven: ISC automatically sends reminder notifications to certifiers during the campaign lifecycle.
Campaign owners get a reminder email 1 week before preview generation.
Reviewers are notified when the campaign starts.
Reviewers receive weekly reminder emails until the due date.
No emails after the due date.
Campaign duration and due dates are configured at campaign creation.
Default campaign deadline = 2 weeks from creation.
Escalations (e.g., reassigning if no action is taken) are not configurable. They follow ISC’s built-in process.
IDN prevents self-certification. If done, first it is sent to the manager, if the manager is not available it is sent to the campaign owner, and if the owner is absent it is sent to the admin.
3. Certifier Selection from Identity Attributes
ISC does not allow writing rules to dynamically choose a certifier from a custom identity attribute.
Certifiers can only be assigned using the standard options (Manager, Source Owner, Search Based Campaign).
You can use Campaign filters to filter out the certain stakeholders while generating the campaign.
4. Rules (Signoff, Exclusion, etc.)
ISC does not support custom rules for certifications.
What is available:
Exclusions can be configured during campaign setup (exclude identities, applications, or sources).
Signoff behavior is predefined: a campaign closes when all items are reviewed or when the duration ends.
Notifications and reminders are automated and not rule-based
5. Reports
Campaign composition report- describes the configuration of the certification campaign, including the name, description, due date, email settings, and campaign filter used for any certification campaign.
this report is not supported if they use exclusion rules
Status report - contains the status of all access items in the campaign. The report name includes the date and time the report was generated. The time is displayed in GMT.
Remediation report - This report is available after an administrator has completed a campaign. It contains the current state of any items that were disapproved during the certification campaign
Sign off report - report lists each active and completed certification.