Identity Certification of assigned Roles through criteria

We have created Roles for Applications we need to onboard, to assign Roles to Applications existing users we used assignment criteria although due to this Managers can not approve/revoke access they can only acknowledge.

Is there any other way to assign roles to the Application’s existing users apart from requesting roles as they are existing users?

Welcome to the developer community Nikhlesh.

Roles can be assigned via standard criteria, identity list, or access request. It sounds like you have assigned roles via standard criteria to preserve the existing access in the target application. If you want to have managers review that access, then you could generate a certification campaign to confirm or revoke the access.

Hi Colin,

If we assign roles via standard criteria then the Manager can only Acknowledge those roles during certification. We do not see any option to Approve/Revoke the Roles which are assigned through standard criteria.


What if you try assigning roles via identity list? I think that will allow managers to approve/revoke roles in a cert campaign. You can also mark the role as “requestable” so users can later request access to the role if they need the access again.

If you have a large number of identities that need to be assigned the role, you can leverage the update role API to automate this.

Even if we assign Roles via identity list, Managers can only Acknowledge them. We marked Roles as Requestable although we need to certify the Existing Users with this role.

This sounds like a job best suited for Expert Services. They may have an elegant way to handle this after diving deeper into your use case.