Certification Remediation Report for Automated Revocation/provisioning

I am working on a certification that is set up for a direct connected source, so when the reviewer revokes and entitlement, then signs off, the entitlement is removed.

I have started looking to get a report for the Auditors that would allow them to easily see the results, but I am having a hard time locating something like that.

Originally, I have hoped that the Remediation Report would be generate for Auto-deprovisioning systems, but this is not the case, so we can not use that report.

I then started looking around and I have identified hte following areas, but can not find something comprehensive and detailed.

They are:

  • Events Tab of the user - Has some details of the event, but requires you to manually look up each identity to see them.
  • Search Tab with Original Request
@originalRequests(source.name:"<SOURCE>" AND attributeRequests.op:remove ) AND created:[now-24h TO now]

This provides the best detail in the UI, but the significant details do not get downloaded. However, the Tracking ID can be used with the API method later

  • Search Tab with AccountRequests
@accountRequests(source.name:"<SOURCE>"  ) AND created:[now-24h TO now]

Same information as above, just a different approach. Still can’t export the meaningful data.

  • Search Tab with Provisioning
type:provisioning AND created:[now-24h TO now] AND attributes.sourceName:"<SOURCE>"

This returns the Modify Account Passed items, but hte details for those is lacking some.

From there, I was able to get a JSON of the Account Activity with most of the information I would want, but this is not straight forward or intuative, and requires several steps to get there,

So I guess my question is, how are people getting the Remediation Status for system where provisioning is automated, so there is no remediation report available?

I should probably rephrase my question:
How are people getting the Remediation Status type report for system where provisioning is automated, that includes a way to tie it back to the certification?

The only option I have found is the using the Search with Provisioning or Certification, getting the Tracking ID for the record, then use the API Method to get the Account Activity Recors for it, which includes an auto-generated comment that details the certification the AccountAttributeUpdate came from:

"body": "Certification remediation for Identity: <123456> Certification: <GUID_REMOVED> (Identity Access Review for <MANAGER>- 2024-05 Mini Demo Campaign)",

Hi Geoff,
I am also interred to see how to get the remediation query to use on UI or the API
Thanks
Arif

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.