We want to trigger Access review for 2 AD based endpoints combinedly.Few users are part of group1 under endpoint1 and others are part of group2 under endpoint2.
We want to trigger application owner endpoint for them and want all users should be shown to the primary certifier.
Could you please check & suggest how to achieve this. what is the query to be put under Entitlement & account.
Hi @Sitarasmi ,
You can select the applications (endpoints) in the campaign configuration and for entitlement values of a specific type, you can use entitlement type key in the entitlement query and you can find the entitlement type key (groups in your case) on UI using below steps:
Under the endpoint, go to entitlement type tab. Now click on the view detail Icon for your entitlement type (groups in your case).
You can find the entitlementtypekey in the URL for groups under that endpoint.
Note: using entitlementtypekey in the query , would include all the entitlements which are of that entitlement type under that endpoint.
If you want to launch it for specific entitlements, then you can populate a custom property inforthe entitlements you want to include in campaign and use that custom property filter in entitlement query.
You can use same approach to include specific accounts.
You can use Campaign Advanced configuration with Entitlement Query option to achieve your requirement
(entitlement_vaule=group1 and entitlementtypekey=<entitlementtypekey of endpoint1>) or (entitlement_vaule=group2 and entitlementtypekey=<entitlementtypekey of endpoint2>)
Entitlement type key of respective endpoints can be found by the steps shown by @pruthvi_t
Auto complete could be because of multiple reasons right,
Can you confirm what type certification you are launching? Also share you certification configurations and query utilized.
We are using Application Owner campaign.
Below is the query used for entitlement
(entitlement_value="group1 and entitlementtypekey in ('213','4706')) or (entitlement_value="group2" and entitlementtypekey=4755) or (entitlement_value="group3"and entitlementtypekey=221)
Group1 is common between two endpoints but having different accounts.
name in ('acc1', 'acc2', etc )
Since we want only specific accounts from specific groups from different endpoints.
When you run query in data analyzer do you see data coming with the where conditions you have used in advanced config?
Also do you have certifiers assigned at respective endpoint level?
Also did you select respective objects in certification?