How to create Dummy Certifications in Sailpoint?

Which IIQ version are you inquiring about?

Version 8.X

Share all details related to your problem, including any error messages you may have received.

I want to create a certification in Sailpoint for all the service accounts, but I do not want to revoke the access in any case.

The ask is just to audit the reviewer’s decisions and not take any action. Is there any configuration or workflow to get this done?

My focus is to create the certification in such a way that access should not be removed even if revoke decisions are provided by the reviewer.

Hi @RRR71, you can just initiate a certification and approve all the access once the audits are done; however, I don’t prefer that…
Instead of this, you can generate reports and have a full view without any actions needed. You will also have it in PDF format, since the auditors always prefer PDF, not actionable things or even CSV/Excel formats.

Thanks for the quick reply. But it’s not my call to take decisions. The managers are supposed to provide decisions, which can be Revoke or Maintain.

In that case, I would prefer the reports option.

When you say service account, what are these: is it a target account service account or an IIQ service account?
What do these service accounts look like? Are they created as separate identities?

Hi Vishal,

Actually, the service account is not the important part. My focus is to create the certification in such a way that access should not be removed even if revoke decisions are provided by the reviewer.

What is the application type?

Are you saying that, for the same application, LCE or access request should be able to revoke the access but not access review?

Not bound to application type. There can be disconnected applications as well.

Yes, I don’t want to change the working of other features.

Hi @RRR71

Welcome to SailPoint Developer Community.

Not sure what you are certifying exactly, Roles or Entitlements or accounts.

I had a similar requirement a couple of years back; I created empty Business Roles and created a certification campaign.

Thanks
Krish

You can write a before provisioning rule to unset the plan.

2 Likes

Sample example

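import java.util.ArrayList;

// BeforeProvisioning rule: "plan" is the ProvisioningPlan passed in by IdentityIQ.
if (plan != null)
{
    String source = plan.getSource();

    // Only plans whose source is "Certification" are emptied.
    if (source != null && source.equalsIgnoreCase("Certification"))
    {
        // Drop every account request so nothing is provisioned.
        plan.setAccountRequests(new ArrayList());
        return plan;
    }
}
return plan;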

You can check the source of the plan. In case it is accessreview or Certification, nullify the provisioning plan in the before provisioning rule.

1 Like
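An added example, not code from any poster in this thread: the same before provisioning rule extended to log each revocation it discards, so the reviewer's decision stays traceable even though nothing is provisioned. It assumes the standard `plan` and `log` rule inputs; the WARN level and the message format are choices made for this example.

```java
// Added example: BeanShell body for an IdentityIQ BeforeProvisioning rule.
// Assumes the rule inputs "plan" (ProvisioningPlan) and "log".
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// Same match as the rule above: only certification-sourced plans are touched.
if (plan == null || !"Certification".equalsIgnoreCase(plan.getSource())) {
    return plan;
}

List requests = plan.getAccountRequests();
if (requests != null) {
    for (AccountRequest req : requests) {
        // Message prefix is constructed for this example.
        String prefix = "Suppressed certification remediation: app="
            + req.getApplication()
            + " account=" + req.getNativeIdentity()
            + " op=" + req.getOperation();

        List attrs = req.getAttributeRequests();
        if (attrs == null || attrs.isEmpty()) {
            // Account-level request (for example a delete or disable).
            log.warn(prefix);
            continue;
        }
        for (AttributeRequest attr : attrs) {
            // One line per entitlement or attribute the reviewer revoked.
            log.warn(prefix + " attr=" + attr.getName()
                + " value=" + attr.getValue()
                + " attrOp=" + attr.getOperation());
        }
    }
}

// Empty the plan so the connector has nothing to execute.
plan.setAccountRequests(new ArrayList());
return plan;
```

Because a before provisioning rule is attached per application, this suppresses remediation from every certification on that application, not only the audit-only one.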

I want to certify Roles and Entitlements assigned to users.

Was actually looking to reduce complexity. More like enable/disable any flag during certification creation itself.

Yes, a before provisioning rule is not a great option; you need to modify all the required applications.

I would say, if you just want to certify a few sets of accounts, load them as a delimited application and then generate the review.

Since this will be a disconnected application, it will only create a work item for the admin, and the required action can be taken manually.

1 Like

Yes, I am aware of this way. Manual Revocation.

But isn’t there any way or configuration where such work requests themselves would not be raised?

Did you explore the option of the revocation period in the access review configuration? You could set that value very high, but again it will have its own pros and cons.

Also explore the option of a phase change rule, if you can use it to change the plan during the revocation phase.

Yes I did. It doesn’t completely satisfy my requirement.