Certification for entitlements assigned to user with specific tag

Identity Security Cloud (ISC) ISC Discussion and Questions
, , , ,
1

Hello Everyone,

I want to create a certification campaign to remove entitlements (having specific tag) for an identity. Please help me with a solution to it.

Thankyou

2

Please refer this example.

Also there are V3 API’s. That should be possible with API.

3

Assuming the required entitlements have already been tagged. If not, you can tag them as follows:

  1. Navigate to the Search screen.
  2. In the search bar, enter the entitlement name (e.g., "abc").
  3. In the search results, select the Entitlements tab.
  4. Use the checkboxes to select the entitlements you want to tag.
  5. Click the blue “Tag” button at the top-right corner.
  6. Enter the desired tag name and click Save.

Once the entitlements are tagged, you can create a User Access Review (UAR) campaign to review them:

Steps to Create the Certification Campaign:

  1. Select Search from the navigation menu.
  2. On the vertical toolbar, click the Certification Campaigns icon.
  3. Click New Campaign to begin creating a new campaign.
  4. Select the Access Items tile.
  5. Under Select Access Items, choose:
  • All Access Items Returned by a Query
  1. In the search bar, run a query using the tag you applied:
tags:"<your tag name>"

(Replace <your tag name> with the actual tag you used.)

All access items (entitlements) with that tag will be included in the campaign.

  1. Navigate to the “Entitlements” tab under the search results and confirm that the correct entitlements are included for certification.
  • Note: If you have more than one tag, use OR in the search query to include all tags for certification (e.g., tags:("Tag1" OR "Tag2").
  1. Click on the “Certify This Access” button at the top-right corner.
  2. Select “Certify All Identities” to certify all users who have these entitlements.
  3. Provide the campaign details, such as campaign name, description, and reviewer assignment.
  4. Click Start Campaign to launch the certification process.
4

Hi

I have to certify the tagged entitlements only when an identity attribute has a value “tagcert” and is assigned to an identity.

5

Try using the Search and Certifications

@accessModelMetadata(key:“iscRisk”) AND @accessModelMetadata(value:“High”)

If you are using metadata on the entitlements, you should be able to find all entitlements with the metadata.

If you have been tagging Identities with a given Tag value, you should be able to find all of the Identities with the tag through search and create a certification off of those Identities.

I created a Tag named “IT Tag” and it created a tag “IT_TAG”

to search on it you can search on: tags:“IT_TAG”

Use this search for your Certification - when you create the certification specify Identities with a Query and put in your query.