Policy violations across the identity cubes

Is there a way so that the system can scan more than one identity cube for policy violations?

For example: Person ‘P1’ has two identity cubes in SailPoint: ID1 and ID2.

ID1 has roles R1 and R2
ID2 has roles R3 and R4

The SOD policy is configured with role R2 and role R3 as a toxic combination (violation).

SailPoint runs policy violation per identity cube. So, in this case it won’t report a violation, since none of the individual identity cubes (ID1 or ID2) has roles R2 and R3 together. However, since the same person P1 owns both identity cubes ID1 and ID2, we need to run the policy violation across the identity cubes. So basically, when the policy runs, it takes all the entitlements/roles from the multiple identity cubes of the same person and scans for any violations. How can we achieve this? Is it even possible to achieve?

We are using IIQ 8.0 patch 2 if that matters.

Thanks in advance!

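The gap described in the post, modelled in plain Python as an added example (not part of the original post, and not SailPoint code or API): per-cube SoD evaluation next to evaluation over the union of roles of all cubes linked to one person. The cube dictionaries, the `person_id` correlation key and the extra `ID3` and `SVC1` cubes are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data mirroring the post: two cubes owned by person P1,
# plus an unrelated cube and one cube with no person key (assumed cases).
CUBES = [
    {"name": "ID1", "person_id": "P1", "roles": {"R1", "R2"}},
    {"name": "ID2", "person_id": "P1", "roles": {"R3", "R4"}},
    {"name": "ID3", "person_id": "P2", "roles": {"R3"}},
    {"name": "SVC1", "person_id": None, "roles": {"R2", "R3"}},
]
SOD_PAIRS = [("R2", "R3")]  # toxic combination from the post


def per_cube_violations(cubes, pairs):
    """Per-cube evaluation: a pair is flagged only if one cube holds both roles."""
    return [(c["name"], a, b) for c in cubes for a, b in pairs
            if a in c["roles"] and b in c["roles"]]


def per_person_violations(cubes, pairs):
    """Union roles across all cubes sharing a person key, then evaluate SoD.

    Returns (person, role_a, cubes_with_a, role_b, cubes_with_b) tuples so a
    reviewer can see which cube contributed each conflicting role.
    Cubes with no person key are evaluated on their own, so unlinked cubes
    are never merged together under a shared empty key.
    """
    holders = defaultdict(lambda: defaultdict(list))  # person -> role -> cubes
    for c in cubes:
        key = c["person_id"] or "unlinked:" + c["name"]
        for role in c["roles"]:
            holders[key][role].append(c["name"])
    findings = []
    for person, roles in sorted(holders.items()):
        for a, b in pairs:
            if a in roles and b in roles:
                findings.append((person, a, sorted(roles[a]), b, sorted(roles[b])))
    return findings


if __name__ == "__main__":
    print("per cube:  ", per_cube_violations(CUBES, SOD_PAIRS))
    print("per person:", per_person_violations(CUBES, SOD_PAIRS))
```

The per-person result depends entirely on the quality of the correlation key: a cube that is not linked to its owner is evaluated alone, exactly as in the per-cube case.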