Manager Certification Not Showing Entitlements

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Hello Everyone,

I’m currently working with Manager Certifications in SailPoint IdentityIQ and encountered an issue I could use your help with.

My goal is to create a Manager Certification where the manager is able to review the entitlements assigned to their direct reports. However, after creating the certification, only Roles are showing upEntitlements do not appear.

LDAP Group and Users:

image
image1191×381 22.6 KB

image
image1000×474 31 KB

Entitlement Catalog:

image
image1843×472 26.2 KB

image
image1580×405 16.3 KB

Test User:
A test user (“Alice”) is placed under “Test Manager” in the identity hierarchy

image
image468×322 8.32 KB

Let’s create the Manager Certification

image
image533×533 28 KB

image
image1386×747 48.7 KB

image
image948×520 21.6 KB

The Result, we can not find the Alice (Testing User)

image
image1904×976 59.4 KB

image
image1908×648 33.4 KB

Question:

What could be the reason that entitlements are not showing up in the Manager Certification?
Is there something I need to configure additionally — like application settings, aggregation logic, or certification definition — to ensure entitlements appear?

Any guidance or troubleshooting steps would be appreciated.

2

Hi
Check whether these entitlements are requestable?
also pls check in application > schema whether the entitlement attribute is marked as Entitlement

3

Hi @fewthiraphat

Are these groups: engineering and hr linked to roles?

4

Hi @pattabhi, No, It’s not linked to any roles

5

Hi @uditsahntl01 ,

Both are requestable

image

image
image590×101 4.43 KB

And this is how I mapping the account and groups in my source

image
image934×377 14.1 KB

image
image924×423 16.2 KB

6

I think this might be the problem. One time, I made some changes in the UIConfig related to certifications and saved it, but I’m not sure exactly where I made the edits.

If anyone has the default UIConfig.xml file, could you please share it or point me in the right direction?

image
image1901×912 101 KB

7

Hi @fewthiraphat

The best practice is to take a backup prior to any changes.

Connect to the IIQ console from {..\WEB-INF\bin}.

Note: The command to export the complete UIConfig.xml is:
export -clean=id,created,modified,lastRefresh uiconfigs_clean.xml UIConfig

Please send this file; I will verify the changes you have made.

The command to import the file from iiq console

import -noids uiconfigs_modified.xml

Impact: Modifying UIConfig can significantly impact the user interface. Test your changes thoroughly in a lower environment (e.g., Development, QA) before applying them to production.

8

Hi @pattabhi, I exported already and sent it to you in private chat.

9

Hi @fewthiraphat

Can you check if those entitlements are visible on Identity under Entitlements tab in Identity Warehouse.
If so, Try running Refresh Identity cube task only for this one Identity while selecting these options :

  • Refresh Identity Entitlements for all links
  • Refresh assigned, detected roles and promote additional entitlements
  • Promote managed attributes

Post running task, Try lauching Certification.

10

Hi @tharshith , Thank you, I tried it but it seems still not working

image
image1122×202 13.7 KB

11

Hi All, more information, I tried to create an Entitlement Owner Certification, and I got the Entitlement review, but still not for Manager Certification.

image
image1482×844 55.9 KB

12

Hi @fewthiraphat

Could you check if you’re able to see those entitlements on Identity cube.

  • Try launching a Certification alone with removing Include Roles checkbox just for Testing to see if you’re getting it there.
  • You can also try around by selecting that Application in the Filters in Certification.
  • Also, just check using Advanced Analytics, search for identities with filters of the required entitlements, to check if entitlement and identity are being retrieved properly using search.
13

Hi @tharshith,

This is what I tried for Manager Certification, I unchecked Include Roles and Select only application that I want to see

image
image953×714 32.5 KB

It go to completed step immediately after it created, because it have nothing to verify

image
image1842×235 24.9 KB

===============================================

This is Advance Analytics

I selected the Application, Manager, Entitlement that I want to check

image
image1102×700 26.5 KB

image
image1025×575 24.9 KB

After I clicked search, I have got the data

image
image895×571 20.4 KB

14

@fewthiraphat Can you check if you are able to see those groups on Entitlements on the Identity ? If you pls provide a screenshot of it.

15

Hi @fewthiraphat

I have found couple of differences.

Difference#1 description ColumnConfig missing in your UIConfig

image
image1446×316 175 KB

Difference#2:

image
image1462×281 123 KB

Differece#3: you have additional column configured.

image
image1273×238 81.8 KB

I have updated the new file with 1st and 2nd difference, sent it to you in personal chat.

1 Like
16

Thanks @pattabhi, I will try it and let you know

17

Yes, we can see those Identity be member in Entitlement Catalog

image
image1915×619 31.2 KB

and in each Identity we also can see that be member of the Entitlement

image
image1460×957 62.8 KB

18

Thank you so much, @Pattabhi. It’s still not working, but I really appreciate your help. I followed your recommendation and checked the situation by creating an Account Group Membership, and now the entitlement is showing, but it’s still not appearing in the Manager Certification.

image
image1437×845 43 KB

19

Hello @fewthiraphat If the users have managers, the certification will definitely work. If you’re unable to find the certification, check the “All Managers” option and try again.

1 Like
20

Hi @fewthiraphat

As you mentioned, the manager is mapped from the UI. Perhaps you could try aggregating from the source to see if that makes a difference.

Fingers crossed.