I am working with the Sign-Off Certification API in SailPoint Identity Security Cloud and need to perform certification sign-off via API on behalf of a specific reviewer.
From my testing and documentation review, it appears that:
The sign-off action is automatically attributed to the identity associated with the OAuth 2.0 Bearer token used to call the API.
There does not seem to be any request parameter (such as reviewer ID, name, or identity reference) that allows explicitly specifying the reviewer who is performing the sign-off.
My requirement:
I want to trigger certification sign-off programmatically while explicitly setting the reviewer identity. I have used the following API:
If you prefer to call the sign-off API explicitly, you can leverage a workflow: first use the “List identity-based campaigns” step to fetch the IDs, store them in variables, and then pass those IDs into the sign-off campaign API.
Thanks.
Hi @hb10 ,
It looks like, SailPoint does not have api to modify the reviewer’s identity, the request parameters accepts only the certification campaign id, and there is no other seperate api to update the reviewer identity.
Just to clarify my requirement — the goal here is to sign off the certification on behalf of the actual user who made the decision (i.e., the reviewer), rather than the technical user invoking the API.
In our use case, the API is being called by a system/service account, but the decision is taken by a different user. So we want the certification sign-off to reflect that actual user as the reviewer.
Currently, I see that the API derives the reviewer from the access token used in the request. I wanted to check if there is any supported way to achieve this use case where the sign-off can be attributed to a different user.
