Excluding Disabled accounts from Targeted Certification

Which IIQ version are you inquiring about?

Identity IQ 8.4

Share all details about your problem, including any error messages you may have received.

Hello Everyone,

Currently we are performing application re-certification for most of the applications that we manage; however, we have a couple that do not support deleting accounts due to data retention. We have successfully established IIQdisabled logic for most of them, so for example, if an account has an expiration date in the past, then it is considered disabled.

I would like to ask: is it possible to exclude such accounts from Targeted Certification? The Exclude Inactive identities option is not solving all our problems, as some of those accounts belong to active users (access no longer required). I know in Application Owner/Manager Certification this could be achieved by an exclusion rule, but Targeted Certification does not support that by design as far as I know.

Thank You,

Hi

Someone recently wrote that exclusion rule it’s available in GUI but you can still use it in XML and apparently it will work even with targets certification.

Check that out, it would be interesting to know if it's actually true :laughing:.

Let us know.

And do you think that would be the only solution to my problem? Modifying the Certification object directly on production is something I would like to avoid.

Thank You,

I never suggested that you modify anything on production.

Just something I saw someone mention that would have to be tested and checked to see if it actually works.

OOTB in the GUI, Targeted certification doesn't have it.