I am working on a certification that is set up for a direct connected source, so when the reviewer revokes and entitlement, then signs off, the entitlement is removed.
I have started looking to get a report for the Auditors that would allow them to easily see the results, but I am having a hard time locating something like that.
Originally, I have hoped that the Remediation Report would be generate for Auto-deprovisioning systems, but this is not the case, so we can not use that report.
I then started looking around and I have identified hte following areas, but can not find something comprehensive and detailed.
They are:
- Events Tab of the user - Has some details of the event, but requires you to manually look up each identity to see them.
- Search Tab with Original Request
@originalRequests(source.name:"<SOURCE>" AND attributeRequests.op:remove ) AND created:[now-24h TO now]
This provides the best detail in the UI, but the significant details do not get downloaded. However, the Tracking ID can be used with the API method later
- Search Tab with AccountRequests
@accountRequests(source.name:"<SOURCE>" ) AND created:[now-24h TO now]
Same information as above, just a different approach. Still can’t export the meaningful data.
- Search Tab with Provisioning
type:provisioning AND created:[now-24h TO now] AND attributes.sourceName:"<SOURCE>"
This returns the Modify Account Passed items, but hte details for those is lacking some.
- API Method
I used the method described here to start from, but it wasn’t too helpful:
GET /api/report/get/{reportId}
But that lead me to the Account Activities V3 API here:
Account Activities | SailPoint Developer Community
From there, I was able to get a JSON of the Account Activity with most of the information I would want, but this is not straight forward or intuative, and requires several steps to get there,
So I guess my question is, how are people getting the Remediation Status for system where provisioning is automated, so there is no remediation report available?