Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/22/2024 10:45 AM
Hello all, we have launched the access certification (manager). The disconnected application's entitlement has AD entitlement as other entitlement(nested). During the ARS if disconnected application group is added or removed, so did the nested group. But now during the certification the disconnected application's access removal only generated the pending task for that particular application and not the Active Directory. Is there anything I need to do to make sure it works as in ARS?
08/22/2024 10:50 AM
Are you using entitlement map ? If yes then this expected behavior .
for AD entitlement should be removed from ad application
08/22/2024 11:05 AM
AD is not being reviewed only the disconnected application is and yes, we did entitlement map has request filter =true, add dependent task =true, remove ent task =true and exclude entitlement=false.
With the same configuration, the ARS works on addition/removal of both disconnected entitlement and AD simultaneously under pending tasks.
08/22/2024 11:26 AM
Just checked the documentation and they are supported only via EO certification. Isn't there any work around like via analytics or a custom rule? When is entitlement revoked from certification also result in revoke mapped entitlement/child entitlement?
08/22/2024 12:01 PM
08/22/2024 12:29 PM
Thank you @rushikeshvartak for confirming. I'll spend some time to over this one and will update how it goes.