Share all details related to your problem, including any error messages you may have received.
Hi all,
we are seeing a label as “Item is revoked but has not been removed” under the certification item. Is this because of any manual deprovisioning action to be undertaken? Any suggestions?
This generally comes when the close loop is not completed .
For example let say you are doing certification on disconnected application and as part of access review system created a manual workitem and if someone takes action and new file is not reconcilled . Then this message will be visible .
As certification is a snapshot in time, If the aggregation/remediation scan is not completed within the revocation period, that explains why the status would still have that in the certification. so the conditions which exist during the timing of the certification are the only considered state.
If aggregation/remediation scan happen outside the timing on the certification, the certification will not be updated any further.
You can verify what you have set for this scan interval by going to the Configuration->System Configuration and seeing what is set for remediationScanInterval . The default is 1x a day
If the above information helped for your question, please accept it as solution for the thread. so it will be helpful for others and the issue will be closed.
Actually, I am seeing an unusual behavior with a JDBC Connector for which no provisioning rule/policy is defined nor any integration config for manual workitem fulfilment in our IIQ instance. I am unsure how certification revocation would even work in this case and I was thinking that this is why we are seeing “the Item is revoked but has not been removed” label.