Which IIQ version are you inquiring about?
Version 8.3
Share all details related to your problem, including any error messages you may have received.
It is not possible to view, on the Certifications page, a certification that was automatically triggered, created and launched by a mover event. Why is that?
I know the certification is being created, because when I searched for certifications in the debug page's object browser I could see that it had been created and is active.
kjakubiak
(Kamil Jakubiak)
May 29, 2024, 2:54pm
It’s hard to say without more details — it would help if you could add the following:
Certification Definition xml
IdentityTrigger xml
Screenshot from Certifications list
Screenshot of identity Events section
Do you have scoping enabled?
Sorry for the delayed response.
Here are the details requested:
Certification Definition xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE CertificationDefinition PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<CertificationDefinition id="#0000000000000000000000000000001" name="CertificationDefinition-MoversEvent">
<Attributes>
<Map>
<entry key="activePeriodDurationAmount" value="30"/>
<entry key="activePeriodDurationScale" value="Day"/>
<entry key="allowCertificationEntityBulkAccountRevocation" value="false"/>
<entry key="allowCertificationEntityBulkApprove" value="true"/>
<entry key="allowCertificationEntityBulkClearDecisions" value="true"/>
<entry key="allowCertificationEntityBulkRevocation" value="true"/>
<entry key="allowEntityBulkApprove" value="true"/>
<entry key="allowListViewBulkAccountRevoke" value="false"/>
<entry key="allowListViewBulkApprove" value="true"/>
<entry key="allowListViewBulkClearDecisions" value="true"/>
<entry key="allowListViewBulkMitigate" value="false"/>
<entry key="allowListViewBulkReassign" value="true"/>
<entry key="allowListViewBulkRevoke" value="true"/>
<entry key="allowProvisioningMissingRequirements" value="false"/>
<entry key="allowSelfCertification" value="CertificationAdministrator"/>
<entry key="assimilateBulkReassignments" value="false"/>
<entry key="autoSignOffWhenNothingToCertify" value="true"/>
<entry key="automateSignOffOnReassignment" value="true"/>
<entry key="automateSignoffPopup" value="true"/>
<entry key="automaticClosingAction">
<value>
<CertificationStatus>Remediated</CertificationStatus>
</value>
</entry>
<entry key="automaticClosingComments"/>
<entry key="automaticClosingDurationAmount" value="7"/>
<entry key="automaticClosingDurationScale" value="Day"/>
<entry key="automaticClosingEnabled" value="false"/>
<entry key="automaticClosingRuleName"/>
<entry key="automaticClosingSigner" value="name"/>
<entry key="bulkReassignmentEmailTemplate" value="EmailTemplate-FrameworkAccessReviewBulkReassignment"/>
<entry key="certOwner" value="notTheCertOwner"/>
<entry key="certification.remindersAndEscalations"/>
<entry key="certificationActivePhaseEnterRule" value="Rule-CertificationPhaseChange-ActiveMovers"/>
<entry key="certificationActivePhaseExitRule" value="Rule-CertificationPhaseChange-EndMovers"/>
<entry key="certificationAutoApprove" value="false"/>
<entry key="certificationChallengePhaseEnterRule"/>
<entry key="certificationDecisionChallengedEmailTemplate"/>
<entry key="certificationDelegationReview" value="false"/>
<entry key="certificationDisableDelegationForwarding" value="true"/>
<entry key="certificationEmailTemplate" value="EmailTemplate-AccessReview-StartMovers"/>
<entry key="certificationEntityDelegationEnabled" value="true"/>
<entry key="certificationFinishPhaseEnterRule"/>
<entry key="certificationIncludeClassifications" value="false"/>
<entry key="certificationItemDelegationEnabled" value="false"/>
<entry key="certificationLimitReassignments" value="true"/>
<entry key="certificationMitigationDeprovisionEnabled" value="false"/>
<entry key="certificationMitigationEnabled" value="false"/>
<entry key="certificationMitigationPopupEnabled" value="false"/>
<entry key="certificationNameTemplate" value="Certification-Identity-Movers"/>
<entry key="certificationReassignmentLimit" value="4"/>
<entry key="certificationRemediationPhaseEnterRule"/>
<entry key="certificationRequired.remindersAndEscalations">
<value>
<NotificationConfig>
<Configs>
<ReminderConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewReminder" millis="1209600000" once="true"/>
<EscalationConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewDelinquent" millis="604800000"/>
</Configs>
</NotificationConfig>
</value>
</entry>
<entry key="certificationRequiredDurationScale" value="Hour"/>
<entry key="certificationShowRecommendations" value="false"/>
<entry key="certificationSignOffApprovalEmailTemplate"/>
<entry key="certificationSignatureType"/>
<entry key="certificationType" value="Identity"/>
<entry key="certifiedDurationScale" value="Hour"/>
<entry key="certifier" value="notTheCertifier"/>
<entry key="certifierOwnerAccount" value="ApplicationOwner"/>
<entry key="certifierOwnerEntitlement" value="ApplicationOwner"/>
<entry key="certifierOwnerRole" value="RoleOwner"/>
<entry key="certifierType" value="Manual"/>
<entry key="certifyAccounts" value="false"/>
<entry key="certifyEmptyAccounts" value="false"/>
<entry key="challengeAcceptedEmailTemplate"/>
<entry key="challengeDecisionExpirationEmailTemplate"/>
<entry key="challengeExpirationEmailTemplate"/>
<entry key="challengeGenerationEmailTemplate"/>
<entry key="challengePeriodDurationAmount" value="1"/>
<entry key="challengePeriodDurationScale" value="Week"/>
<entry key="challengePeriodEnabled" value="false"/>
<entry key="challengePeriodEndEmailTemplate"/>
<entry key="challengePeriodStartEmailTemplate"/>
<entry key="challengeRejectedEmailTemplate"/>
<entry key="completeCertificationHierarchyEnabled" value="false"/>
<entry key="continuous" value="false"/>
<entry key="electronicSignatureRequired" value="false"/>
<entry key="enableAccountRevokeAction" value="false"/>
<entry key="enableApproveAccountAction">
<value>
<Boolean/>
</value>
</entry>
<entry key="enableEntitlementAssignments" value="false"/>
<entry key="entitlementGranularity" value="Value"/>
<entry key="excludeBaseAppAccounts" value="false"/>
<entry key="excludeInactive" value="false"/>
<entry key="exclusionRuleName"/>
<entry key="filterLogicalEntitlements">
<value>
<Boolean/>
</value>
</entry>
<entry key="flattenManagerCertificationHierarchy" value="false"/>
<entry key="includeAdditionalEntitlements" value="true"/>
<entry key="includeCapabilities" value="false"/>
<entry key="includePolicyViolations" value="false"/>
<entry key="includeRoleHierarchy" value="false"/>
<entry key="includeRoles" value="false"/>
<entry key="includeScopes" value="false"/>
<entry key="includeTargetPermissions" value="false"/>
<entry key="includedApplications" value="%%Apps%%"/>
<entry key="mitigationDurationAmount" value="1"/>
<entry key="mitigationDurationScale" value="Month"/>
<entry key="mitigationExpirationEmailTemplate"/>
<entry key="nameTemplate" value="Template name [${fullDate}]"/>
<entry key="notifyRemediation">
<value>
<Boolean/>
</value>
</entry>
<entry key="overdue.remindersAndEscalations">
<value>
<NotificationConfig>
<Configs>
<ReminderConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewReminder" millis="1209600000" once="true"/>
<EscalationConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewDelinquent" millis="604800000"/>
</Configs>
</NotificationConfig>
</value>
</entry>
<entry key="owners" value="notTheOwner"/>
<entry key="preDelegationRuleName" value="Rule-CertificationPreDelegation-Movers"/>
<entry key="processRevokesImmediately" value="false"/>
<entry key="remediation.remindersAndEscalations">
<value>
<NotificationConfig enabled="true">
<Configs>
<ReminderConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewReminder" millis="86400000" once="true"/>
<EscalationConfig before="true" emailTemplateName="EmailTemplate-FrameworkAccessReviewDelinquent" escalationRuleName="Rule-FrameworkInactiveWorkItemEscalation" maxReminders="5" millis="604800000"/>
</Configs>
</NotificationConfig>
</value>
</entry>
<entry key="remediationPeriodDurationAmount" value="10"/>
<entry key="remediationPeriodDurationScale" value="Day"/>
<entry key="remediationPeriodEnabled" value="false"/>
<entry key="requireApprovalComments" value="false"/>
<entry key="requireBulkCertifyConfirmation">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="requireMitigationComments" value="false"/>
<entry key="requireReassignmentCompletion" value="false"/>
<entry key="requireRemediationComments" value="true"/>
<entry key="saveExclusions" value="false"/>
<entry key="sendPreDelegationCompleteEmails" value="false"/>
<entry key="shortNameTemplate"/>
<entry key="signOffApproverRuleName"/>
<entry key="stagingEnabled" value="false"/>
<entry key="subordinateCertificationEnabled" value="true"/>
<entry key="suppressEmailWhenNothingToCertify" value="true"/>
<entry key="suppressInitialNotification" value="false"/>
<entry key="triggerId" value="0a00020f7cbc1f9b817cbda3a5700297"/>
</Map>
</Attributes>
<Owner>
<Reference class="sailpoint.object.Identity" name="notTheName"/>
</Owner>
</CertificationDefinition>
Identity Trigger xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="Rule-IdentityTrigger-Mover" type="IdentityTrigger">
<Description>This rule detects when a User is considered a Mover.</Description>
<Signature returnType="boolean">
<Inputs>
<Argument name="log">
<Description>
The log object associated with the SailPointContext.
</Description>
</Argument>
<Argument name="context">
<Description>
A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
</Description>
</Argument>
<Argument name="previousIdentity">
<Description>
The identity before the refresh/aggregation (this will be null when an identity is created).
</Description>
</Argument>
<Argument name="newIdentity">
<Description>
The identity after the refresh/aggregation (this will be null when an identity is deleted).
</Description>
</Argument>
</Inputs>
<Returns>
<Argument name="result">
<Description>
A boolean describing the result of the rule.
</Description>
</Argument>
</Returns>
</Signature>
<Source><![CDATA[
import java.util.Map;
import java.util.HashMap;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchResult;
import javax.naming.NamingEnumeration;
import sailpoint.api.IdentityService;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import custom.utils.LDAPUtils;
/**
 * Placeholder from the original post: the body that performs the domain check
 * was omitted, so the method as shown does not compile (no return statement).
 * It receives the identity name plus the post- and pre-refresh Identity objects;
 * presumably it compares domain-related attributes between the two snapshots,
 * and the javax.naming / LDAPUtils imports above suggest it may query a
 * directory -- confirm against the full rule source.
 */
private boolean verifyDomain(String name, Identity newIdentity, Identity previousIdentity) {
///verifying domains (body omitted from the post)
}
/**
 * Placeholder from the original post: the body that decides whether an
 * external ("ext") identity is a mover was omitted, so the method as shown
 * does not compile (no return statement). The script below only calls it
 * after verifyDomain() has already returned true for the same identity.
 * The original comment mentions "returning new values according to changes";
 * what is compared cannot be determined from the post -- confirm against the
 * full rule source.
 */
private boolean verifyextMover(String name, Identity newIdentity, Identity previousIdentity) {
///verifying if it is mover and returning new values, according to changes (body omitted from the post)
}
// Default outcome is "no Mover event". Only an identity that exists both before
// and after the refresh can be evaluated at all.
if (newIdentity == null || previousIdentity == null) {
    return false;
}
String identityName = newIdentity.getName();
// Inactive identities are never reported as movers.
if (newIdentity.isInactive()) {
    return false;
}
// The "type" attribute selects which mover check applies (external vs internal).
String identityType = newIdentity.getAttribute("type");
// A missing or empty type means there is nothing to evaluate.
if (identityType == null || identityType.isEmpty()) {
    return false;
}
// verifyDomain() decides whether this identity counts as a generic mover.
boolean genericMover = verifyDomain(identityName, newIdentity, previousIdentity);
if ("int".equals(identityType)) {
    // Internal identities: the generic check alone decides.
    return genericMover;
}
if ("ext".equals(identityType)) {
    // External identities also need the ext-specific check; it runs only when
    // the generic check passed (short-circuit keeps the original call order).
    return genericMover && verifyextMover(identityName, newIdentity, previousIdentity);
}
// Any other type value is not a mover.
return false;
]]></Source>
</Rule>
Snapshot of the mover event creating the certification: