Which IIQ version are you inquiring about?
8.3p1
Share all details about your problem, including any error messages you may have received.
We have an application where provisioning is not supported, and we’ve implemented an SoD (Segregation of Duties) policy. When a violation occurs, a manual work item is created for review and resolution.
After an admin or application owner marks the work item as completed, we want to verify whether the issue was actually resolved on the target system.
For example:
An application owner might mark the item as completed without taking any actual action on the system.
When we subsequently run an aggregation and check active policies, no new violations are detected.
However:
In the Violations tab, only new violations are displayed, and the previous unresolved violation does not reappear.
Our Questions Are:
Should SailPoint expire the work item automatically after a certain period if it hasn’t been properly resolved?
Is there a way to force SailPoint to recognize unresolved violations during re-aggregation and include them in the active violations list again?
We’re looking for a mechanism to ensure that if a violation remains unresolved after being marked as completed, it will reappear in the Violations tab during subsequent aggregations and policy checks.
Is there a recommended approach or configuration in SailPoint IdentityIQ to handle this scenario effectively?

