Certification doesn't create CertificationGroup

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

I’m attempting to use the following certification when a mover event is detected. Despite the certification itself being created, no CertificationGroup is created, resulting in the certification not appearing in the certification tab.
How would I solve this issue? Are there any problems with the Certification Definition presented bellow?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE CertificationDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<CertificationDefinition id="#01" name="CertificationDefinition-MoversEvent">
    <Attributes>
        <Map>
            <entry key="activePeriodDurationAmount" value="30"/>
            <entry key="activePeriodDurationScale" value="Day"/>
            <entry key="allowCertificationEntityBulkAccountRevocation" value="false"/>
            <entry key="allowCertificationEntityBulkApprove" value="true"/>
            <entry key="allowCertificationEntityBulkClearDecisions" value="true"/>
            <entry key="allowCertificationEntityBulkRevocation" value="true"/>
            <entry key="allowEntityBulkApprove" value="true"/>
            <entry key="allowListViewBulkAccountRevoke" value="false"/>
            <entry key="allowListViewBulkApprove" value="true"/>
            <entry key="allowListViewBulkClearDecisions" value="true"/>
            <entry key="allowListViewBulkMitigate" value="false"/>
            <entry key="allowListViewBulkReassign" value="true"/>
            <entry key="allowListViewBulkRevoke" value="true"/>
            <entry key="allowProvisioningMissingRequirements" value="false"/>
            <entry key="allowSelfCertification" value="CertificationAdministrator"/>
            <entry key="assimilateBulkReassignments" value="false"/>
            <entry key="autoSignOffWhenNothingToCertify" value="true"/>
            <entry key="automateSignOffOnReassignment" value="true"/>
            <entry key="automateSignoffPopup" value="true"/>
            <entry key="automaticClosingAction">
                <value>
                    <CertificationStatus>Remediated</CertificationStatus>
                </value>
            </entry>
            <entry key="automaticClosingComments"/>
            <entry key="automaticClosingDurationAmount" value="7"/>
            <entry key="automaticClosingDurationScale" value="Day"/>
            <entry key="automaticClosingEnabled" value="false"/>
            <entry key="automaticClosingRuleName"/>
            <entry key="automaticClosingSigner" value="admin"/>
            <entry key="bulkReassignmentEmailTemplate" value="EmailTemplate-BulkReassignment"/>
            <entry key="certOwner" value="WorkGroup-EX"/>
            <entry key="certification.remindersAndEscalations"/>
            <entry key="certificationActivePhaseEnterRule" value="Rule-CertificationPhaseChange-ActiveMovers"/>
            <entry key="certificationActivePhaseExitRule" value="Rule-CertificationPhaseChange-EndMovers"/>
            <entry key="certificationAutoApprove" value="false"/>
            <entry key="certificationChallengePhaseEnterRule"/>
            <entry key="certificationDecisionChallengedEmailTemplate"/>
            <entry key="certificationDelegationReview" value="false"/>
            <entry key="certificationDisableDelegationForwarding" value="true"/>
            <entry key="certificationEmailTemplate" value="EmailTemplate-AccessReview-StartMovers"/>
            <entry key="certificationEntityDelegationEnabled" value="true"/>
            <entry key="certificationFinishPhaseEnterRule"/>
            <entry key="certificationIncludeClassifications" value="false"/>
            <entry key="certificationItemDelegationEnabled" value="false"/>
            <entry key="certificationLimitReassignments" value="true"/>
            <entry key="certificationMitigationDeprovisionEnabled" value="false"/>
            <entry key="certificationMitigationEnabled" value="false"/>
            <entry key="certificationMitigationPopupEnabled" value="false"/>
            <entry key="certificationNameTemplate" value="Certification-Identity-Movers"/>
            <entry key="certificationReassignmentLimit" value="4"/>
            <entry key="certificationRemediationPhaseEnterRule"/>
            <entry key="certificationRequired.remindersAndEscalations">
                <value>
                    <NotificationConfig>
                        <Configs>
                            <ReminderConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewReminder" millis="1209600000" once="true"/>
                            <EscalationConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewDelinquent" millis="604800000"/>
                        </Configs>
                    </NotificationConfig>
                </value>
            </entry>
            <entry key="certificationRequiredDurationScale" value="Hour"/>
            <entry key="certificationShowRecommendations" value="false"/>
            <entry key="certificationSignOffApprovalEmailTemplate"/>
            <entry key="certificationSignatureType"/>
            <entry key="certificationType" value="Identity"/>
            <entry key="certifiedDurationScale" value="Hour"/>
            <entry key="certifier" value="WorkGroup-EX"/>
            <entry key="certifierOwnerAccount" value="ApplicationOwner"/>
            <entry key="certifierOwnerEntitlement" value="ApplicationOwner"/>
            <entry key="certifierOwnerRole" value="RoleOwner"/>
            <entry key="certifierType" value="Manual"/>
            <entry key="certifyAccounts" value="false"/>
            <entry key="certifyEmptyAccounts" value="false"/>
            <entry key="challengeAcceptedEmailTemplate"/>
            <entry key="challengeDecisionExpirationEmailTemplate"/>
            <entry key="challengeExpirationEmailTemplate"/>
            <entry key="challengeGenerationEmailTemplate"/>
            <entry key="challengePeriodDurationAmount" value="1"/>
            <entry key="challengePeriodDurationScale" value="Week"/>
            <entry key="challengePeriodEnabled" value="false"/>
            <entry key="challengePeriodEndEmailTemplate"/>
            <entry key="challengePeriodStartEmailTemplate"/>
            <entry key="challengeRejectedEmailTemplate"/>
            <entry key="completeCertificationHierarchyEnabled" value="false"/>
            <entry key="continuous" value="false"/>
            <entry key="electronicSignatureRequired" value="false"/>
            <entry key="enableAccountRevokeAction" value="false"/>
            <entry key="enableApproveAccountAction">
                <value>
                    <Boolean/>
                </value>
            </entry>
            <entry key="enableEntitlementAssignments" value="false"/>
            <entry key="entitlementGranularity" value="Value"/>
            <entry key="excludeBaseAppAccounts" value="false"/>
            <entry key="excludeInactive" value="false"/>
            <entry key="exclusionRuleName"/>
            <entry key="filterLogicalEntitlements">
                <value>
                    <Boolean/>
                </value>
            </entry>
            <entry key="flattenManagerCertificationHierarchy" value="false"/>
            <entry key="includeAdditionalEntitlements" value="true"/>
            <entry key="includeCapabilities" value="false"/>
            <entry key="includePolicyViolations" value="false"/>
            <entry key="includeRoleHierarchy" value="false"/>
            <entry key="includeRoles" value="false"/>
            <entry key="includeScopes" value="false"/>
            <entry key="includeTargetPermissions" value="false"/>
			<entry key="includedApplications" value="%%Movers_Applications%%"/>
            <entry key="mitigationDurationAmount" value="1"/>
            <entry key="mitigationDurationScale" value="Month"/>
            <entry key="mitigationExpirationEmailTemplate"/>
            <entry key="nameTemplate" value="Movers Cert [${fullDate}]"/>
            <entry key="notifyRemediation">
                <value>
                    <Boolean/>
                </value>
            </entry>
            <entry key="overdue.remindersAndEscalations">
                <value>
                    <NotificationConfig>
                        <Configs>
                            <ReminderConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewReminder" millis="1209600000" once="true"/>
                            <EscalationConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewDelinquent" millis="604800000"/>
                        </Configs>
                    </NotificationConfig>
                </value>
            </entry>
            <entry key="owners" value="WorkGroup-EX"/>
            <entry key="preDelegationRuleName" value="Rule-CertificationPreDelegation-Movers"/>
            <entry key="processRevokesImmediately" value="false"/>
            <entry key="remediation.remindersAndEscalations">
                <value>
                    <NotificationConfig enabled="true">
                        <Configs>
                            <ReminderConfig before="true" emailTemplateName="EmailTemplate-Reminder" millis="86400000" once="true"/>
                            <EscalationConfig before="true" emailTemplateName="EmailTemplate-Escalation" escalationRuleName="Rule-Escalation" maxReminders="5" millis="604800000"/>
                        </Configs>
                    </NotificationConfig>
                </value>
            </entry>
            <entry key="remediationPeriodDurationAmount" value="10"/>
            <entry key="remediationPeriodDurationScale" value="Day"/>
            <entry key="remediationPeriodEnabled" value="false"/>
            <entry key="requireApprovalComments" value="false"/>
            <entry key="requireBulkCertifyConfirmation">
                <value>
                    <Boolean>true</Boolean>
                </value>
            </entry>
            <entry key="requireMitigationComments" value="false"/>
            <entry key="requireReassignmentCompletion" value="false"/>
            <entry key="requireRemediationComments" value="true"/>
            <entry key="saveExclusions" value="false"/>
            <entry key="sendPreDelegationCompleteEmails" value="false"/>
            <entry key="shortNameTemplate"/>
            <entry key="signOffApproverRuleName"/>
            <entry key="stagingEnabled" value="false"/>
            <entry key="subordinateCertificationEnabled" value="true"/>
            <entry key="suppressEmailWhenNothingToCertify" value="true"/>
            <entry key="suppressInitialNotification" value="false"/>
            <entry key="triggerId" value="1a00297"/>
        </Map>
    </Attributes>
    <Owner>
        <Reference class="sailpoint.object.Identity" name="admin"/>
    </Owner>
</CertificationDefinition>
2

Do you see Certification Event Definition here?

Screenshot_20240606_174018_Chrome
Screenshot_20240606_174018_Chrome1812×1764 147 KB

1 Like
3

I believe I do
image

4

How you know that event has triggered cetification ?

5

I can see the event was triggered since I got the following event.
image

6

Hi @joaovrodrigues,

Have you tried creating certificate using this definition manually and all object is being created properly?

Also, if yes then please check if there is any task result with the name of your certification and does it have any error in it?

Thanks

1 Like
7

Hello, the certificate has been defined manually, and there is no task result.

9

Can you try triggering the same certification manually and see if that is working as expected ?

1 Like
10

Hello, I believe I’ve been triggering the certification manually, by changing account values via sailpoint UI. How would I go about triggering the certification manually?

11

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.