Trigger certification for entitlement owner : AD Source

Venu1010 · March 10, 2026, 1:52pm

Hi All,

I hope all doing well.

We have a list of users for whom we need to trigger a certification. The search query is:
source.name:"Active Directory" AND value:"OU=OID Agencies,OU=Roles,OU=Applications,DC=**,DC=**,DC=**,DC=**"

Each entitlement has a different owner. We want to trigger the certification for the entitlement owner, not the manager, in SailPoint Identity Security Cloud (ISC). I am new to ISC workflows. Could someone please guide me on how to achieve this? Also, when the certifier revokes access, it should be removed automatically. Please help.

trettkowski · March 10, 2026, 1:56pm

Hi @Venu1010

Unfortunately entitlement owner certifications are not supported out of the box at this moment. Here is the thread where this is being requested repeatedly:

Venu1010 · March 10, 2026, 2:10pm

can we do it with workflow?

AsGoyal · March 10, 2026, 5:49pm

Hey @Venu1010 ,

Your source owner is different from entitlement owner?

ajmerasunny · March 10, 2026, 6:23pm

I have done this using PS Script running outside of ISC.

Venu1010 · March 11, 2026, 2:49am

yes Each entitlement has different owners. please suggest

Venu1010 · March 11, 2026, 2:50am

what is it? Could you please explain and guide me too as well.

Venu1010 · March 11, 2026, 2:58am

vishal_kejriwal1 · March 11, 2026, 4:54am

2 options

Create a review for each entitlement separately, If the count of entitlement is large it could be nightmare
Use the external PS script to run the review ( recommended way this use this earlier to generate EO review)

Venu1010 · March 11, 2026, 5:07am

external PS script to run the review how to do this. I am new to this pls guide

suraj_gorle · March 11, 2026, 5:14am

Hi @Venu1010 ,

You can utilize the SailPoint Certification API to generate certifications through a PowerShell script for each entitlement, keeping the reviewer as the entitlement owner.

vishal_kejriwal1 · March 11, 2026, 2:41pm

Check the PS SDK and try to setup in local

David_Norris · March 11, 2026, 4:23pm

If this is a new engagement, with SailPoint’s involvement, maybe reach out to the CSM team to get the ruby script from SailPoint’s PS.

They have a ruby script that does access object’s owner certification (specifically to reassignment certification items).

If not, you can vibe up a script to call the powershell cmdlets.

Venu1010 · March 11, 2026, 4:49pm

what is CSM team ?is this the sailPoint Team

David_Norris · March 11, 2026, 5:20pm

You can reach them at:
customersuccess@sailpoint.com

Specifically, the keywords you want to mention to them is “Bulk Certification Reassignment to Object Owner”. It was at version 1.0 back in 2024 Aug 2nd.

Note that this will count towards your monthly API quota…so depending on the certification campaign size and frequency, it might become something you need to factor into.

Topic		Replies	Views
REPOST with clarification : Guidance Needed: Assigning Entitlement Certification to Owners in SailPoint ISC ISC Discussion and Questions identity-security-cloud	1	44	March 14, 2026
Is there a way to setup Campaign based on Entitlement Owner ISC Discussion and Questions apis , rules , identity-security-cloud , entitlements	15	944	November 11, 2024
Certifications with Logic ISC Discussion and Questions identity-security-cloud , certifications , entitlements	9	64	April 10, 2026
Entitlement owner certification ISC Discussion and Questions identity-security-cloud , certifications	6	493	April 6, 2025
Group owner based certification ISC Discussion and Questions identity-security-cloud	4	188	November 30, 2024

Trigger certification for entitlement owner : AD Source

Related topics