Hello Experts,
I’m back again with a blockage I’ve been investigating during the migration process from IIQ to ISC. As part of migration all access profiles would be created on ISC using the source entitlements as usual. The Identities accounts will already have the entitlements that these access profiles grants and will get detected automatically by ISC.
We need for audit purposes the approval for the access profile provision request within ISC but when detected re-requesting is cancelled and there’s no approval definition left. I’ve been looking at the forum and documentation and it seems that the detection can’t be stopped. Is there a plan in the future to be able to make this feature as optional in certain moments?
Re-requesting all of the access profiles would be a great effort but needed, if we include that ISC cancels the requests when already detected we would also need to deprovision all access first which would make the impact bigger. Aside from creating a static report of all access granted through IIQ provisionally, in the long run it would be really helpful to be able to disable the detection. A not so good-looking method I thought was creating by script all access profiles using dummy ents, requesting them then updating them to the real ones. And creating a certification after to remove the remaining dummy ents. Have you ever encountered something similar and had a better solution?