We want to use a targeted certification to review users’ entitlements, but entitlements assigned by roles are not shown as a separate line on the certification because of RBAC logic. Is there any way to show them as certification items? For example:
USER 1 has Ent1, Ent2, Ent3, Ent4 on AD App.
Ent1 and Ent2 come with LCM/Agg –> these are shown as cert items.
Ent3 and Ent4 are assigned by roles –> these are not shown; I want them shown on the certification as cert items.
I don’t want to review roles as cert items; I want the entitlements inside roles to be reviewed by the users’ manager. Actually, I found a topic like the one below, but it has no solution for the requested situation.
@cantasasiz This requires changes to how IIQ stores EntitlementGroup. Certifications use entries in EntitlementGroup to launch a certification. For role assignments, there is no entry for the underlying entitlements, while for direct entitlement assignments these entries are there.
You can try introducing a custom rule that reads your EntitlementGroup entries; for roles, you can fetch the underlying entitlements, make a new custom EntitlementGroup for these entitlements, and save it on the identity. I never tried it; please give it a try and see if it works.