Starting this post to see if can get some advise on if there is any way for us to set up an Access Campaign and the reviewers should be the owner of the Entitlements.
Yes , with âAccess Itemâ Certification Campaign is possible.
Please refer this link and look for " Creating an Access Item Certification Campaign" Starting a Campaign from Search - SailPoint Identity Services
I did try this. But i do not see a way to set the Owner of an Entitlement as the reviewer. Would you mind pointing me to the right place in the documentation if I am missing on something.
Hi Ram,
Please refer to Creating an Access Item Certification Campaign section in the above link provided by @nandambk Enter the Entitlement name you want to certify and Add that to Campaign. Select the identities to certify and when launching the certification you can assign the select the induvidual you want to assign as certifier. Please try this out.
That would work for one entitlement I try. I have 10K entitlements that I want in review and I want the certification to have reviewer as the owner of the entitlement.
There is an idea for this on the ideas board - GOV-I-711
1 Like
I am looking for an answer to this too.
The only solution I can think of at the moment, is to create a campaign, assign to Individual, and then have a script to re-assign each item to the respective entitlement owner.
Thatâs exactly what I do
2 Likes
Hey Mark! Happen to be able to share that script? Not being able to certify entitlement owners is a problem for us
I can, but it might not be beneficial to most users. The reason is because itâs run from my ServiceNow instance, which has a custom table that stores a copy of entitlements and access profiles. Iâve meant to rewrite it using the PowerShell SDK but I havenât had time
1 Like
For anyone looking for Entitlement / AP / Role owner certification:
SailPoint internally has this logic implemented as a Ruby script. This maybe offered via PS (unconfirmed yet). Itâs pretty âfreshâ, ReadMe, v1.0 dated at first week of Aug 2024.
The script doesnât only handle entitlement owner reassignment, but also AP and role owner reassignments as well. Note that itâs a 2-step process: Generate certifications as you normally would (for a single certifier), then run the script to execute the reassignment.
1 Like
thank you Terry! I will reach out to sailpoint directly and see if they can assist
@Firmman-Alexander Have you contacted the SailPoint team, and are they able to provide you with a script for reassigning certificates to entitlement or access profile owners?
Hi Amit, Yes! SailPoint Services has shared a script to perform this. I will be testing this sprint
Hi @Firmman-Alexander , Is that script available in public community?
If not, then can you please provide you case number, So that we can refer that in our SailPoint case.
Thanks in advance.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.