Hi Experts,
Use Case: A report to show the user account changes happening outside of SailPoint. E.g., there were 9 entitlements on the user account, out of which 2 entitlements were removed by an admin from the user account outside of SailPoint.
How do we pull data showing that the XYZ entitlement was removed from the user account outside of SailPoint and hence got removed from the SailPoint account link post aggregation?
Is there any database table which stores these out-of-band changes on user accounts?
Native change detection is a mechanism in IdentityIQ’s application connectors that can detect changes made in account information outside of IdentityIQ’s control. The native change detection can detect newly created accounts, deleted accounts, or modified accounts. The changes are detected on aggregation by comparing stored information with newly read information. If any changes are detected, actions can be taken to respond to these changes. These actions include automatic recertification, approval, notifications or even automatically reverting the changes.
Apart from native change detection, there is the concept of an identity snapshot. Identity snapshots hold the details of the changed attributes of an identity, including access removal and addition.
You can use the identity snapshot object to build your custom reports. This will be more convenient in case you want to keep track of what details have been changed on the Identity object.
Native change detection mostly goes through a workflow and creates work items for decision making, whereas snapshots have no such thing.
But identity snapshots take DB space, and it is recommended to prune the snapshots at an interval.
@pallavi
You can go with Native Change events enabled, as mentioned by @BalajiChandrasekaran, and create a lifecycle event; within the corresponding workflow, create a custom audit event which can capture the changes that happened to the identity's application-level entitlements, with old and new values.
I don't think there is any direct table or audit event which can help; you can go with the above approach.
Others can comment if some other alternative methods are available.
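
The comparison described in the replies above (stored account state versus newly aggregated state, yielding created, deleted and modified accounts with old and new entitlement values), sketched as an added example that is not part of the original thread and is not IdentityIQ code. The names `NativeChange`, `detect_changes`, the operation labels and the sample accounts are assumptions made for illustration.

```python
# Added illustration: plain Python data, not IdentityIQ objects or APIs.
from dataclasses import dataclass

@dataclass(frozen=True)
class NativeChange:
    account: str
    operation: str          # "Create", "Delete" or "Modify" (labels chosen here)
    attribute: str = ""
    removed: tuple = ()     # values present before aggregation, gone after
    added: tuple = ()       # values that appeared during aggregation

def _values(v):
    """Normalise single- and multi-valued attributes to a set of strings."""
    if v is None:
        return set()
    if isinstance(v, (list, tuple, set)):
        return {str(x) for x in v}
    return {str(v)}

def detect_changes(stored, aggregated, tracked=("groups",)):
    """Diff {account: {attribute: value-or-list}} before and after aggregation."""
    changes = []
    for acct in sorted(set(stored) | set(aggregated)):
        if acct not in stored:
            changes.append(NativeChange(acct, "Create"))
        elif acct not in aggregated:
            changes.append(NativeChange(acct, "Delete"))
        else:
            for attr in tracked:
                old = _values(stored[acct].get(attr))
                new = _values(aggregated[acct].get(attr))
                if old != new:
                    changes.append(NativeChange(
                        acct, "Modify", attr,
                        tuple(sorted(old - new)), tuple(sorted(new - old))))
    return changes

# Constructed sample: account state stored before, and read during, aggregation.
STORED = {
    "jdoe": {"groups": ["Finance", "HR", "VPN"], "title": "Analyst"},
    "asmith": {"groups": ["VPN"]},
}
AGGREGATED = {
    "jdoe": {"groups": ["Finance"], "title": "Analyst"},
    "svc-new": {"groups": ["Admins"]},
}

if __name__ == "__main__":
    print(*detect_changes(STORED, AGGREGATED), sep="\n")
```

Each `Modify` record carries the removed and added values, which is the old/new pair a custom audit event or report row would need to store.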