We have a Microsoft SQL Server environment with both service accounts and human user accounts. We are now planning to certify the service accounts. Do we need to create a new identity profile with an authoritative source for this purpose? What would be the best approach and connector to use?
if its Azure SQL Database SailPoint doesn’t support windows-based accounts.
Hi @abraham0007,
We have two options.
Option 1: In case all service accounts are correlated with identities you need to create a filter to identify the service accounts and the create a source owner campaign and use the filter you created.
Option 2: In case if service accounts are not correlated (means all service accounts in uncorrelated) Go to the search-based campaign called uncorrelated certification and select the source MSSQL server and select the other options as per your requirement and start campaign.
1 Like
can we do campaign for uncorrelated? you mean like sorce.name:mssql as a serach query? or any specific query?
Hi @abraham0007,
Go to the “search” tab and click on “certifications campaign” and click on “new campaign” below campaign options are available, select “uncorrelated Accounts” campaign.
1 Like
certification going to completed state, which is not
Hi @abraham0007,
Have you check that service accounts have any access to service accounts?
yes they have but we read only accounts while aggregating. no ents we are reading. I this this the reason?
Hi @abraham0007, we are doing access review for Entitlements (Access), if account don’t have any entitlements certification campaign automatically completed.
if you want to Review access, user accounts need to have entitlements. otherwise, you can’t.