Filtered certifications via Workflow

We need to create a workflow that will create an Identity certification campaign and certify only selected access items (roles/entitlements/access profiles) when a mover event occurs.
How can this be achieved via Workflows?
By default, all accesses assigned to the identity are added to the campaign, which is causing the issue.

Only entitlements returned by a search query must be added to the identity campaign.

Is there an alternative approach to handle mover lifecycle event?

Any leads would be appreciated.

Hi @shreyas_nitturkar

Focusing only on:

"Only entitlements returned by a search query must be added to the identity campaign."

Use the below API to create the campaign:

Create Campaign API
We can create a campaign for a given query:

Thanks
Sid

I am unable to get the access items using a nested query that uses entitlement custom metadata like @accessModelMetadata(valueName:"To be Reviewed").

Is there a way we can achieve this?