- 18 Sep 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
SailPoint IdentityNow - Create Certification Campaign
- Updated on 18 Sep 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
SailPoint IdentityNow - Create Certification Campaign creates a certification campaign for users that result from the saved query supplied as a trigger (or users that were selected in the Users table) who have a specified, new manager.
Certification refers to Identity Security Cloud's mechanism for reviewing a user's set of permissions, and approving or removing those permissions. Different reviewers often require multiple certifications to approve a user's access. A set of various certifications is called a Certification Campaign. A certification campaign, which includes each employee's current permissions, is sent to the new manager of employees. The new manager reviews each employee's permissions, and reapproves/revokes each permission.
This Enforcement Action currently supports only SEARCH
campaigns with an IDENTITY
type. For more information, see the SailPoint API Guide.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from SailPoint IdentityNow adapter - Select this option to use the connected SailPoint IdentityNow adapter credentials.
- When you select this option, the Select Adapter Connection drop-down is available, and you can choose which adapter connection to use for this Enforcement Action. To use this option, you must successfully configure a SailPoint IdentityNow adapter connection.
Required Fields
These fields must be configured to run the Enforcement Set.
- Campaign Name - Enter a name for the campaign.
- Campaign Description - Enter a description for the campaign.
- New Manager ID - Enter the ID of the new manager.
Additional Fields
These fields are optional.
Connection and Credentials
When Use stored credentials from the adapter is toggled off, these fields need to be configured:- User Name or IP Address - The hostname or IP address of the SailPoint IdentityNow server. The field format is https://sailpoint.api.identitynow.com/v3.
- Client ID and Client Secret - The Client ID and Client Secret for an account that has the Required Permissions to the API. For more information, see this explanation on the adapter's connection parameters.
- SSO Provider (Only for accounts with SaaS Management capability) - If your organization uses Okta for SSO, this adapter can be set as an SSO provider. see Connecting your SSO Solution Provider.
- Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
- HTTPS Proxy User Name (optional) - The user name to use when connecting to the server using the HTTPS Proxy.
- HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
- Gateway Name - Select the Gateway through which to connect to perform the action.
For more details about other Enforcement Actions available, see Action Library.