Need a workflow that forward all pending certifications of a user to his manager’s manager when manager of the user is terminated

Rakesh_Singh_1234 · September 25, 2025, 1:06pm

Hye guys,

I need a workflow that forward all pending certifications of a user to his manager’s manager when manager of the user is terminated.

suppose user is xyz—abc(xyz’s manager)—-lmn(abc’s manager)

Now when the abc is terminated (lifecycle state becomes terminateddisabeled) then all the pending certification should automatically forwarded to lmn(abc’s manager) please guide

StephenHolinaty · September 25, 2025, 3:45pm

you might want to take a look at deploying the ISC Governance Connector, and using its Reassignment settings:

when the governance connector account (and thus the identity) is disabled, it can perform this action.

Ive also done very similar (and then some!) in a presentation I did for Developer Days 2025

if you need this in a workflow, high level:
trigger: identity attribute changed (lifecyclestate >> inactive)
call list-identity-certifications | SailPoint Developer Community
with the query param for the reviewer-identity, and possible filter for completed eq false and phase eq active
check if that result is null
check if the identity has a manager
then loop over those certifications, and reassign them

you run a risk here however on if that identity has more than 250 active Certifications (note: not certification campaigns, just certifications)

but that should reassign up to 250 active certifications to the manager.

Rakesh_Singh_1234 · September 26, 2025, 9:48am

@StephenHolinaty is there any workflow i tried one but it is not working at all

Rakesh_Singh_1234 · September 26, 2025, 10:02am

@StephenHolinaty are u talking about below connector: if yes then it is configured already in my tenant and aggregation is also done (1 lac account) now pls let me know how the certification will be reassigned to manager’ manager when manager is terminated through this connector ?

StephenHolinaty · September 26, 2025, 3:10pm

that is indeed the connector I am referring to.

Overall:
* set up that connector and aggregate
on the connector, under “Reassignment settings”, select the certifications checkbox, to reassign

Identity profile > lifecycle state provisioning (“Inactive” most likely), set it to Disable the “Identity security cloud governance” source’s account

so:
HR terminates someone
Lifecycle state moves to Inactive
Inactive triggers a Disable on the governance connector
Governance connector reassigns certifications that are in-progress from “fired guy” to “his manager”.

Rakesh_Singh_1234 · September 29, 2025, 9:37am

what is i put the isc governance connecter under a lcs that is cutom made (termdisable) and there if i put under disable account will it work?

StephenHolinaty · October 7, 2025, 9:28pm

that is the intention.
if you Disable the account on the “ISCGovernanceConnector” in a specific LCS, this will trigger if you configure the governance connector to do so.

Topic		Replies	Views
Need a workflow that forward pending certification campaign to manager ISC Discussion and Questions identity-security-cloud	2	36	October 7, 2025
Need a workflow! ISC Discussion and Questions identity-security-cloud	6	109	October 1, 2025
What exactly this connector Identity Security Cloud Governance do ? read articles but still confused? ISC Discussion and Questions identity-security-cloud	8	77	October 2, 2025
How do I get my workflow to launch a certification campaign for the new manager? ISC Discussion and Questions workflows , identity-security-cloud	24	1204	July 28, 2023
Certification launched though workflow is sent to owner of the workflow instead of the identity's manager ISC Discussion and Questions workflows , identity-security-cloud	2	849	July 19, 2023

Need a workflow that forward all pending certifications of a user to his manager’s manager when manager of the user is terminated

Related topics