Workgroup as Identity Manager

Hi,

I know it is possible to link a workgroup as an identity owner/supervisor in the same way as a Manager. However, after assigning a workgroup as manager, the members do not receive the manager capabilities. The requirement is for non-human identity onboarding where we have multiple owners for some non-human identities, which is why we want this solution. For example, for non-human identities, I would like decisions in business processes to be made by this particular group. Is it possible for workgroup members to have the same capabilities that a manager has, such as accessing all reportees in “Manage User Access” and participating in manager certification?

As far as I know, workgroup members do not inherit manager capabilities such as reportee visibility or participation in manager certifications. For non-human identity onboarding with multiple owners, workgroups are the appropriate construct for approvals and governance decisions, but they are not a replacement for the manager hierarchy. Each use case would need to be addressed individually. For example, in Manage User Access, you could define a dynamic scope that allows workgroup members to use a RequestObjectSelector to control which objects are available for request and removal.

3 Likes

Having a workgroup as manager will violate the underlying architecture, which is that a user can have only one manager. There are many Identity APIs that will break in such cases. For example, the code below will break in this scenario:

Identity manager = user.getManager();
// now if "manager" is a workgroup
manager.getLastName(); // this will not be resolved.

2 Likes
