We have configured a Scope in SailPoint IdentityIQ so that identities within the “WGExample” Workgroup do not have visibility over the AppExample application.
The issue is that, even though the application does not appear in the list of available applications, it is still visible under “Manage Access > Manage Passwords”, allowing users to change passwords for AppExample.
Our goal is to remove the visibility of AppExample in “Manage Passwords” for users in the “WGExample” Workgroup.
What would be the best way to achieve this within IdentityIQ?
Hi @mhorcajo - scopes do not work to remove an app from showing up under Manage Passwords. The only way I know of is to remove PASSWORD and CURRENT_PASSWORD from the applications FeatureString. This will prevent it from showing on that page for all users. I don’t know of a way to remove it based on workgroup without customizing the UI.
This solution will remova password resetfeature from the application entirely. I would suggest checking Identity Details Tweaks Plugin - this plugin should do the job.
Hello. Thanks for your answer, but what we were looking for is a solution that restricts the visibility of an application for specific identities, similar to what would be done with a Scope.
We want to achieve that the identities belonging to a WG do not have visibility over a concrete application, or the other way around, that only the identities that DO NOT BELONG to the WG DO have visibility over the application.
I hope I have expressed myself well.
Thanks in advance.
What would be the best way to achieve this within IdentityIQ?