Share all details related to your problem, including any error messages you may have received.
As part of quarterly access reviews for SOX applications, I have been informed that IIQ is now considered a SOX application. As such, I need to ensure periodic user access reviews of elevated access in the IIQ application and server. I have searched Compass and the Developer Community for any previous posts related to this topic but was unsuccessful. I am looking for the community’s guidance and best practices on reviewing elevated access in IIQ, specifically reviewing who has elevated access to both the IIQ application and server.
@adomolol
How is your current server access managed, is it through role based or are you managing this servers as separate applications within IIQ, without this we cannot comment much on sever access part
Coming to any admin rights or capabilities within IIQ, you can have role based model to assign the rights/ workgroups/ capabilities so that these capabilities or rights will be assigned only through roles and role access can be reviewed quarterly so that any revocation should remove the role and subsequently underlying admin rights or capabilities
Regarding OS level accesses - the only thing that comes to my mind is to use one of the OS Direct connectors (we have Linux Direct, Windows Direct etc…) depending on which OS is your IIQ running.
Certification can be done in IIQ for roles, entitlements, accounts. We cannot certify IIQ capability normally. But there is a work around, Use a loopback connector so IIQ considers itself as a target application and Identity cubes as account and capabilities as entitlements.
Now certification for capabilities is possible.
For OS Level server access, you can use OS Direct connectors as Kamil Mentioned above.
