sailpoint IdentityIQ find connectors

Question

I am new to sailpoint IdentityIQ.

How to find the connectors that filter out read-only entitlements during aggregation and certification please?

Thanks for your help!

Answer 1

During group aggregation, you can use a rule to modify the entiries found, including to make them requestable or not, modify their names, or to exclude them from IdentityIQ. This rule is attached to the group aggregation task.

You can refer to this article in SailPoint Community: https://community.sailpoint.com/t5/Technical-White-Papers/Group-Aggregation-Data-Flow/ta-p/79070

Basically, in your group aggregation task, there is a dropdown to select/create a rule. You can create a new rule to do the logic you want. IdentityIQ will invoke your rule once per group object found, and if you return null, the group will be ignored. Or you can modify the object (change its name or description for example) and return it.

You can see the parameters IdentityIQ provides in the rule editor interface. Those groups you do return in your rule, becomes "Entitlement" objects in IdentityIQ.

For certification, you can assign a rule to select what you want to certify. In the campaign settings, IdentityIQ only certifies entitlement objects only. When it finds a group that is not an entitlement, that group is called "Additional Entitlement", and there's a checkbox to include or exclude it in the certification.

So if you already took care of groups you don't want in your group aggregation rule, for certification you can simply set it to exclude additional entitlements.

Answer 2

Here are the steps:

1. Connectors tab
2. Edit to open connector config
3. Attribute Mapping
4. Identify read-only entitlements
5. uncheck Certification and Aggregation
6. Save the configuration