Exclusion of specific users from SoD Detective Scans

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Which IIQ version are you inquiring about?

8.3 P3

Share all details about your problem, including any error messages you may have received.

Hi All,

We have implemented advanced SoD rule-based policy to fulfil the custom requirements for the SoD violation check and the way we have defined the entitlements in an application.

We are looking for a solution to prevent the SoD violation checks during detective scans to happen for specific users. E.g., SoD violation task should not be generated for Department Head - just as an example.

What are the possible OOTB options to implement this feature?

2

are you using “Match List” to define your criteria?
if yes then you can add a “Not Equals” condition using any Identity attribute

image
image1723×416 23.4 KB

3

@HarnishaM In case you are only looking for the solution for detective scans then in the identity refresh task also you can add a filter to specify the targeted audience for scan.

Refer to this discussion thread for more details: SailPoint IIQ SOD Advanced Policies not working

Thanks,

Pallavi

4

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.