SOD policy Violation - Access Review

Hi Experts,

We have SOD policies created in ISC tenant. But I don’t see the violation flag coming up in the campaign when the reviewer certifies the access.

Is there a way we can achieve this in IDN.

Chandra Mohan

Hi @chandramohans27
I think you can’t detect any existing violations during certifications, You will be able to see a violation flag when you request for conflicting access which comes under preventative SOD, If you need to certify existing and conflicting access items for a specific policy then you can go to the policy section and you can create certification for the people who are having conflicting access according to that policy.

Feel free to ask if you need any further assistance in creating a certification for a specific policy from a policy section. :innocent:

1 Like

Thanks @VasanthRam for your reply.

I see options to create certification for SOD policy, But If i have 10 SOD policies, I need to submit 10 certifications. Can we combine all SOD policies into one certification?

Chandra Mohan S

Hi @chandramohans27,

From the ui you can only create one certification campagin per SOD policy.

A certification campaign cannot be create from multiple SOD policies directly.

Notice also that the action that ISC does when you want to create a certification campaign from SOD is to retrieve only the SOD policy search criteria and use it as query in certifications campaign :

If you want to create one certification campagin from multiple SOD policy, you must retrieve each SOD policy criteria one by one and contatenate thoses as one search criteria by adding OR operator beetween each criteria.

And then you can create manually a certification campaign with that global search criteria.

It’s simple to find a criteria of SOD policy by using endpoint list-sod-policies | SailPoint Developer Community :

1 Like