Can you please elaborate on your use case? If I understand your query, you want to review some high-risk access through certification.
If so, then you will use the regular certification process to launch the certifications. You can do either a User Manager or an Entitlement Owner certification.
Thank you for the response. Can we use manager certification only for a few types of entitlement?
cn=Domain Admins,cn=users,dc=****,dc=com & cn=Enterprise Admins,cn=users,dc=****,dc=com & cn=Schema Admins,cn=users,dc=****,dc=com
Will this include users with access via nested groups?
1. Yes, you can use Advanced Campaign Configurations and use the respective query, which includes only the entitlements that you want to review, in the Entitlements Query field.
2. No, nested entitlement users won't be available by default unless you include those nested entitlements as well in your entitlement query.
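The nested-group point in answer 2, as an added example that is not part of the thread or of the product: a short Python sketch that walks a group's nested membership, lists the nested groups that would also have to be named in the entitlement query, and reports the users a review of the parent group alone would miss. The directory data, DNs and function names are constructed for illustration.

```python
from collections import deque

# Constructed sample directory: group DN -> direct members (users or groups).
# Every DN here is made up for illustration.
MEMBERS = {
    "cn=Domain Admins,cn=users,dc=example,dc=com": [
        "cn=alice,cn=users,dc=example,dc=com",
        "cn=Tier0 Ops,cn=users,dc=example,dc=com",
    ],
    "cn=Tier0 Ops,cn=users,dc=example,dc=com": [
        "cn=bob,cn=users,dc=example,dc=com",
        "cn=Break Glass,cn=users,dc=example,dc=com",
    ],
    "cn=Break Glass,cn=users,dc=example,dc=com": [
        "cn=carol,cn=users,dc=example,dc=com",
        "cn=Tier0 Ops,cn=users,dc=example,dc=com",  # cycle: must not loop forever
    ],
}

def expand(root, members=MEMBERS):
    """Return (nested_groups, {user: group path}) reachable from root."""
    groups, users = [], {}
    queue = deque([(root, [root])])
    seen = {root}
    while queue:
        group, path = queue.popleft()
        for member in members.get(group, []):
            if member in members:            # member is itself a group
                if member not in seen:       # cycle and duplicate guard
                    seen.add(member)
                    groups.append(member)
                    queue.append((member, path + [member]))
            elif member not in users:        # keep the shortest path per user
                users[member] = path
    return groups, users

def coverage_gap(root, members=MEMBERS):
    """Users with effective access that a review of root alone would miss."""
    _, users = expand(root, members)
    direct = set(members.get(root, []))
    return sorted(u for u in users if u not in direct)

if __name__ == "__main__":
    da = "cn=Domain Admins,cn=users,dc=example,dc=com"
    nested, effective = expand(da)
    print("Nested groups to add to the review scope:", nested)
    for user in coverage_gap(da):
        print("Missed without nesting:", user, "via", " -> ".join(effective[user]))
```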
Yes, it can be done. There is no difference in certification for PAM; it depends on regular IGA functionality.
You can create a user update rule where you can select action as launch certification and configure the respective settings for certification and then schedule the job: Launch Certification from Rule Job (LaunchCertificationFromRuleJob)
I am trying to launch an entitlement owner campaign but the list is not seen at the certification level. Below are the examples:
But the other entitlements are getting picked up.
Is there any specific reason like entitlement type which needs to be included while creating it?
It depends on your certification configuration. Please share the screenshots of your certification configuration, and please tell me which endpoint entitlements/entitlement type you are not seeing in the certification.
Also, please check the things below:
Below is the screenshot:
The entitlement type is role for parent and group is shown on child entitlement. For normal group entitlements without nested groups, the launch works as below:
But these are not included (testqa entitlement)
Below are the findings: