We need to initiate a certification process in SailPoint Identity Security Cloud (ISC) based on entitlements retrieved from a search query. The search query is:
source.name:"Active Directory" AND value:"OU=OID Agencies,OU=Roles,OU=Applications,DC=**,DC=**,DC=**,DC=**"
Each entitlement has a unique owner specified in the source attribute called “MAIL” (e.g., the entitlement owner’s email address). The goal is to assign the certification to the entitlement owner (as specified in the “MAIL” attribute) rather than the identity manager. Additionally, when the certifier revokes access during the certification process, the entitlement should automatically be removed from the target application (Active Directory).
As I am new to SailPoint workflows, I would appreciate guidance on how to achieve this setup in ISC. Could you please provide clear steps or best practices to configure this?
Below are the screenshots for your reference.

