Which IIQ version are you inquiring about?
Sailpoint IIQ 8.3
Share all details about your problem, including any error messages you may have received.
We are currently working on enhancing the NCD (Native Change Detection) approval process.
Expected Approval Flow:
When a change is detected in an identity’s entitlements via NCD, the approval flow should work as follows:
Step 1 – Identity Manager Approval:
All changes (regardless of the application) related to a single identity should be grouped into one work item.
This grouped work item should be sent to the identity’s manager for approval.
For example:
Identity John Doe has:
2 changes in Application A
3 changes in Application B
Total of 5 changes should be sent in one single approval request to John’s manager.
Step 2 – Application Owner Approval:
Once the manager approves, the changes should split according to application owner.
Each application owner should receive a separate work item for their respective application’s changes only.
Continuing the example:
App A Owner gets work item with 2 changes.
App B Owner gets work item with 3 changes.
Step 3 – Multiple Identity Handling:
If NCD detects changes for multiple identities, the process should handle each identity separately.
That is, each identity’s manager gets their own grouped approval.
After that, respective application owners should get work items as per their application.
Current Problem/Behavior Observed:
However, the current implementation is not working as expected:
During the Application Owner approval step:
It is not segregating approval items per application.
All changes are getting grouped and sent to the multiple application owner in which changes were detected.