Exclusion of specific users from SoD Detective Scans

HarnishaM · December 29, 2025, 9:52am

Which IIQ version are you inquiring about?

8.3 P3

Share all details about your problem, including any error messages you may have received.

Hi All,

We have implemented advanced SoD rule-based policy to fulfil the custom requirements for the SoD violation check and the way we have defined the entitlements in an application.

We are looking for a solution to prevent the SoD violation checks during detective scans to happen for specific users. E.g., SoD violation task should not be generated for Department Head - just as an example.

What are the possible OOTB options to implement this feature?

aakashpandita · December 29, 2025, 10:06am

are you using “Match List” to define your criteria?
if yes then you can add a “Not Equals” condition using any Identity attribute

pallavi · December 29, 2025, 10:48am

@HarnishaM In case you are only looking for the solution for detective scans then in the identity refresh task also you can add a filter to specify the targeted audience for scan.

Refer to this discussion thread for more details: SailPoint IIQ SOD Advanced Policies not working

Thanks,

Pallavi

Topic		Replies	Views
Exclusion of identity cubes from SoD Policy IIQ Discussion and Questions identityiq , separation-of-duties	4	542	July 4, 2023
Question on SoD IIQ Discussion and Questions identityiq	3	88	March 18, 2026
SailPoint IIQ SOD Advanced Policies not working IIQ Discussion and Questions identityiq	10	180	October 24, 2025
SOD Policy is not working for Detected Roles IIQ Discussion and Questions identityiq	0	42	August 28, 2025
Service Accounts seen by out Help Desk team IIQ Discussion and Questions identityiq , accounts	5	100	December 3, 2024

Exclusion of specific users from SoD Detective Scans

Which IIQ version are you inquiring about?

Share all details about your problem, including any error messages you may have received.

Related topics