I am still fairly knew to doing some of the reporting in IIQ. I am looking for a way to run a report of the Accounts that are excluded using the Exclusion rule during a certification. I have looked everywhere and not able to find anything. Any help would be appreciated.
Any forward movement on this? We are also inquiring about this at my company.
There are couple of ways you can possibly achieve this.
One way is to create a custom audit record through the exclusion rule for every entitlement or bundle for each identity / account that gets excluded from the certification. You can then build an audit report over this custom audit data.
Second way is to build a custom report over ArchivedCertificationItem object. All the identities that are excluded get stored in ArchivedCertificationEntity object and the equivalent access (entitlement / bundle) gets stored in ArchivedCertificationItem object. I tried to create a report over a manager certification that has an exclusion rule with some defined criteria that returns an explanation for exclusion and ‘Save Exclusions’ option checked while generating the certification. I was able to get the report of all items excluded from the certification. I have attached a sample xml for the report. The report is very basic and has been generated based off ‘Certification Activity by Application Live Report’. You can add more columns by referring to java docs for sailpoint.object.ArchivedCertificationItem and sailpoint.object.ArchivedCertificationEntity classes.
CertificationExclusionReport.txt (7.3 KB)