If a user has all the underlying entitlements a role provides but hasn’t requested the role, can IDN detect and assign the role? Can I get a link to the documentation if there is one for this information? I can’t seem to find it.
Hi,
Access Profiles are kind of like IT roles in IIQ; they are detectable.
On this link: Managing Access Profiles - SailPoint Identity Services
You can see the following: “Detection, when IdentityNow determines during identity processing that a user has all of the entitlements associated with an access profile and grants them the access profile automatically. At that point, they are no longer considered to have the entitlements individually, but instead have the access profile.”
Roles in IDN are more like business roles in IIQ, i.e. not detectable.
Regards
Thanks @jeseri, that helps.
How do you check if a user owns an access profile or not from the UI? We can see the roles an identity has, but not access profiles?
When you request a Role in IDN, Access Profiles are Assigned…
When you add Entitlements from IDN or the Target Source, Access Profiles are Assigned/Detected. We don’t have an Assigned and Detected concept in IDN to validate.
You can extract Access Profiles using a search query with the filter as Identity and the output as Access Profiles.
If your IDN environment has blocked Entitlement and Access Profile requests and only Roles are allowed, then you can extract the Roles of a user, find the Access Profiles from those Roles, extract all Access Profiles of the user, and subtract the Access Profiles from Roles. You get the Access Profiles that are not provisioned through IDN.
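The subtraction described in the last reply, as an added example that is not part of the original posts: it takes an identity document and role documents already exported from search and lists the access profiles that none of the identity's roles account for. The sample data is constructed, and the field names (`access`, `type`, `accessProfiles`) are an assumed shape for the export, to be adjusted to what your tenant returns.

```python
import json

# Constructed sample documents. The field names ("access", "type",
# "accessProfiles") are an assumed shape for exported search results.
IDENTITY_DOC = json.loads("""
{"name": "jane.doe",
 "access": [
  {"type": "ROLE", "id": "r1", "name": "Finance Analyst"},
  {"type": "ACCESS_PROFILE", "id": "ap1", "name": "ERP Read"},
  {"type": "ACCESS_PROFILE", "id": "ap2", "name": "ERP Reporting"},
  {"type": "ACCESS_PROFILE", "id": "ap3", "name": "AD Share Finance"},
  {"type": "ENTITLEMENT", "id": "e1", "name": "erp_ro"}
 ]}
""")
ROLE_DOCS = json.loads("""
[{"id": "r1", "name": "Finance Analyst",
  "accessProfiles": [{"id": "ap1", "name": "ERP Read"},
                     {"id": "ap2", "name": "ERP Reporting"}]},
 {"id": "r2", "name": "HR Partner",
  "accessProfiles": [{"id": "ap9", "name": "HRIS Read"}]}]
""")

def access_by_type(identity, kind):
    """Map id -> name for the identity's access items of one type."""
    return {a["id"]: a["name"]
            for a in identity.get("access", []) if a.get("type") == kind}

def profiles_outside_roles(identity, role_docs):
    """Access profiles the identity holds that none of its roles include."""
    held_roles = access_by_type(identity, "ROLE")
    held_profiles = access_by_type(identity, "ACCESS_PROFILE")
    roles_by_id = {r["id"]: r for r in role_docs}
    via_roles, unresolved = set(), []
    for role_id in held_roles:
        role = roles_by_id.get(role_id)
        if role is None:
            # Role missing from the export: the result would overstate, so report it.
            unresolved.append(role_id)
            continue
        via_roles.update(ap["id"] for ap in role.get("accessProfiles", []))
    extra = sorted(held_profiles[i] for i in held_profiles.keys() - via_roles)
    return extra, unresolved

if __name__ == "__main__":
    extra, unresolved = profiles_outside_roles(IDENTITY_DOC, ROLE_DOCS)
    print("Access profiles not explained by roles:", extra)
    print("Roles missing from the export:", unresolved)
```

Any role id returned in the second list was held by the identity but absent from the role export, so the first list should be rechecked once that role is included.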