New Certification Campaign in Identity Now

Venu1010 · January 24, 2025, 2:17pm

Hi Team,

Hope all doing well.

We have 9,000 identities in SailPoint IdentityNow (IDN) for our organization, which were imported from CSV files. We do not have HR data directly connected to SailPoint. Now we need to trigger a new certification campaign for these identities in SailPoint IdentityNow. Could you please suggest the best way to accomplish this? Note : We have 200 approvers for 9000 users in csv.

Regards,
Venu

Venu1010 · January 24, 2025, 2:21pm

zachm117 · January 24, 2025, 2:39pm

Hi @Venu1010,

I would suggest checking out the Certification documentation which details how to build and initiate certification campaigns.

I also noticed the identity in the image you provided looks like it has an exception (red exclamation point icon). You can read this section of the documentation to try and resolve identity exceptions, which would be needed before initiating a campaign.

Thank you,

Zach

agutschow · January 24, 2025, 3:00pm

How will you associate the individuals in the certification with the reviewers?

Venu1010 · January 26, 2025, 2:37am

We have a set of owners(200) for 9000 identities. We need to send them manually.
Note : We have one owner for each Agency(Department).

Venu1010 · January 26, 2025, 3:03am

The exact requirement is :

Certification of external users of organization who don’t have access.

Csv file contains-users, department, roles they have access to primary approver and secondary approver

Approver are assigned based on department it is unique for each department

agutschow · January 26, 2025, 3:10am

You can create search-based campaigns for each department and set the reviewer to a particular individuals. For example, you could do a search like department:Executive Management.

Since you have 200 campaigns to setup, I would suggest that you look at the API for creating the campaigns.

create-campaign | SailPoint Developer Community

You could use your csv in Excel to create the duplicate the body for each department or you could write a simple program to iterate through your data and create the campaigns. You can also activate the campaigns through the API.

As far as a primary and secondary reviewer, you can create governance groups to have the primary and secondary individuals in. However, the first one who completes the certification will be the reviewer. If what you are wanting is that both people have to approve, you will have to do a set of campaigns to the first reviewer and then a set of campaigns to the second reviewer.

Venu1010 · January 26, 2025, 3:13am

We have only admin, no developers as of now. Please suggest.

Venu1010 · January 26, 2025, 3:38am

Could you please suggest without API.

agutschow · January 26, 2025, 3:51am

Without the API, you will need to go to the Search menu in the interface and select the campaign icon. From there, you can create a New Campaign for identities.

You will need to go through the setup process for each department.

Venu1010 · January 26, 2025, 3:58am

Actually I have worked on IIQ. Not having experience in IDN. Please suggest me to import new .csv file(Which has 9000 identities) in to IDN as Authoritative source.

JackSparrow · January 26, 2025, 11:06am

Is your IDN has been set up completely? From the snip you sent here, I can see the configuration is incomplete. In this case, better to go for uncorrelated cert.

Venu1010 · January 27, 2025, 6:24am

can we re-do the import and complete the configuration?

Dharani · January 27, 2025, 6:53am

Hi @Venu1010

You can Create a Search based Certification campaign for individual identities.
But before that

Csv file contains-users, department, roles they have access to primary approver and secondary approver Add few more details in the csv like reviewer name and mail id and also one unique column which contains a unique value and make it as an Entitlement while source settings.

Create a new delimited source and import the updated CSV file. You will find the uncorrelated accounts make them correlate and configure a new search based campaign by writing query and perform the same with each individual reviewer.

Let me know for any confusions.

Thank you!
Dharani.

Venu1010 · January 28, 2025, 4:44am

How do we add more attributes in downloaded csv file from IDN?
Account Schema - do we need to set before importing the file. means, source settings before importing??
If we set the manager attribute can we trigger a manager cert also rgt?

Dharani · January 28, 2025, 6:03am

Hi @venu,

Create a source then set the account schema.

Can you please elaborate on this question
If we set the manager attribute can we trigger a manager cert also rgt?

Thanks!

Venu1010 · January 28, 2025, 6:19am

in the csv file if we set manager attribute. can we schedule a manager cert?

Dharani · January 28, 2025, 6:31am

Hi Venu,

Since you said you’re configuring a campaign for external users i would suggest you to go with the search based certification campaign where you can choose a individual reviewer option and assign to the correct point of contact.

Thank you!

Venu1010 · January 28, 2025, 7:21am

We have reviewer for group of users(in total we have 200 reviewer for 9000 users).

system · March 29, 2025, 7:22am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.