Custom Self certification logic

I need to have self-certification logic in the Entitlement Owner certification, which will reassign the access review of the owner's own access to another certifier.

Example:

If John is the owner of Entitlement “A” and he also has access to it, John will certify the access for others, but for him someone (let's say Rio) has to do it.

If Arul is the owner of Entitlement “B” and he also has access to it, Arul will certify the access for others, but for him someone (let's say Raj) has to do it.

Like
for John, Rio is Self certification Owner
for Arul, Raj is Self certification Owner

The pre-delegation rule works based on the entity, and in an Entitlement certification the entity would be the entitlement itself, so I cannot reassign a specific item to a different user.

Any suggestion would be appreciated.

Hi @GKovaradhan,

To implement self-certification logic in your entitlement owner certification process, try this approach.

Self-Certification Delegation: Create a mechanism to allow entitlement owners (ex: John for Entitlement A) to designate another user as their certifier for their own access. This can be done by adding a field in the entitlement management UI where owners can specify their self-certification delegate.

Modify Certification Workflow: Adjust the certification workflow to recognize this delegation. When John certifies access for others, the system should automatically route his own access review to Rio instead of allowing John to certify his own access.

Hi @vinnysail ,
Thanks for your response.
May I know which workflow you are referring to? Is there any OOTB workflow involved in the certification process?

Hi @GKovaradhan,

You can utilize the pre-delegation rule to reassign the certification item to the Entitlement Manager when the entitlement owner is certifying their own access. Please refer to the pre-delegation rule for the entitlement owner below.

```java
import java.util.Arrays;
import java.util.List;
import java.util.ArrayList;
import sailpoint.object.Identity;
import sailpoint.object.*;

// Items under the entity being certified (here, the entitlement).
List items = entity.getItems();
// The first certifier of the certification is the entitlement owner (EO).
String certifierName = (String) certification.getCertifiers().get(0);
Identity EOCertifier = context.getObjectByName(Identity.class, certifierName);
List reassignItems = new ArrayList();
String entitlementName = "";
Identity requester = certification.getCreator(context);
Identity EOManager = EOCertifier.getManager();
String description = "Pre-Delegation for Entitlement Owner Certification";

// Collect the items whose target is the certifier, i.e. the EO's own access.
for (CertificationItem item : items)
{
    String user = item.getTargetName();
    if (user != null && user.equalsIgnoreCase(EOCertifier.getName()))
    {
        reassignItems.add(item);
    }
}

// The list is never null, so test for emptiness to avoid reassigning nothing.
if (!reassignItems.isEmpty())
{
    String comments = "This certification is re-assigned to you to prevent self certification as <b>" + EOCertifier.getName() + "</b> is a certifier of Entitlement(s) and also has access to the entitlement for the <b>" + entity.getApplication() + "</b> Application. <br>";

    if (EOManager != null)
    {
        // If the Entitlement Owner has a manager, assign it to the manager. The variable 'EOManager' is the EO's manager.
        certification.bulkReassign(requester, reassignItems, EOManager, description, comments, context.getConfiguration());
    }
    else
    {
        // If the Entitlement Owner does not have a manager, assign it to the certification requester, which is the variable 'requester'.
        certification.bulkReassign(requester, reassignItems, requester, description, comments, context.getConfiguration());
    }
}
```
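The reviewer-selection logic discussed in this thread, as an added example that is not part of any post and is not SailPoint code: a plain-Java (16+) model that routes an owner's own access item to a per-owner delegate, falls back to the manager and then the requester, and never routes it back to the owner. The `Person` and `Item` records, the `selfCertDelegate` field, and every name other than John, Rio, Arul and Raj are constructed for illustration.

```java
import java.util.*;

public class SelfCertRouting {
    // Constructed stand-ins; selfCertDelegate is a hypothetical per-owner attribute.
    record Person(String name, String selfCertDelegate, String manager) {}
    record Item(String entitlement, String targetName) {}

    /** Reviewer for the certifier's own access: delegate, then manager, then requester.
     *  A candidate that is missing, blank, or the certifier is skipped. */
    static Optional<String> resolveReviewer(Person certifier, String requester) {
        for (String c : Arrays.asList(certifier.selfCertDelegate(), certifier.manager(), requester)) {
            if (c != null && !c.isBlank() && !c.equalsIgnoreCase(certifier.name())) {
                return Optional.of(c);
            }
        }
        return Optional.empty();
    }

    /** Maps every item to the identity that reviews it. Fails closed if an
     *  owner's own item has no independent reviewer. */
    static Map<Item, String> route(Person certifier, String requester, List<Item> items) {
        Map<Item, String> out = new LinkedHashMap<>();
        for (Item it : items) {
            boolean self = certifier.name().equalsIgnoreCase(it.targetName());
            if (!self) {
                out.put(it, certifier.name());   // the owner reviews other people's access
                continue;
            }
            out.put(it, resolveReviewer(certifier, requester).orElseThrow(
                () -> new IllegalStateException("No independent reviewer for " + certifier.name())));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Person john = new Person("John", "Rio", "Maya");
        Person arul = new Person("Arul", "Raj", null);
        Person lee  = new Person("Lee", "lee", null);   // delegate misconfigured as self
        String requester = "certadmin";
        route(john, requester, List.of(new Item("A", "john"), new Item("A", "Priya")))
            .forEach((i, r) -> System.out.println(i + " -> " + r));   // john's item -> Rio
        route(arul, requester, List.of(new Item("B", "Arul"), new Item("B", "Dev")))
            .forEach((i, r) -> System.out.println(i + " -> " + r));   // Arul's item -> Raj
        route(lee, requester, List.of(new Item("C", "Lee")))
            .forEach((i, r) -> System.out.println(i + " -> " + r));   // Lee's item -> certadmin
    }
}
```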

Thanks @Arun-Kumar for your valuable suggestion. It worked.