- 22 Aug 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
SailPoint IdentityNow - Create Certification Campaign
- Updated on 22 Aug 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
SailPoint IdentityNow - Create Certification Campaign creates a certification campaign for users that result from the saved query supplied as a trigger (or users that were selected in the Users table) who have a specified, new manager.
Certification refers to Identity Security Cloud's mechanism for reviewing a user's set of permissions, and approving or removing those permissions. Different reviewers often require multiple certifications to approve a user's access. A set of various certifications is called a Certification Campaign. A certification campaign, which includes each employee's current permissions, is sent to the new manager of employees. The new manager reviews each employee's permissions, and reapproves/revokes each permission.
This Enforcement Action currently supports only SEARCH
campaigns with an IDENTITY
type. For more information, see the SailPoint API Guide.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from SailPoint IdentityNow adapter - Select this option to use the connected SailPoint IdentityNow adapter credentials.
- When you select this option, the Select Adapter Connection drop-down is available, and you can choose which adapter connection to use for this Enforcement Action. To use this option, you must successfully configure a SailPoint IdentityNow adapter connection.
Required Fields
These fields must be configured to run the Enforcement Set.
- Campaign Name - Enter a name for the campaign.
- Campaign Description - Enter a description for the campaign.
- New Manager ID - Enter the ID of the new manager.
Additional Fields
These fields are optional.
Connection Parameters
If Use stored credentials from the SailPoint IdentityNow adapter is disabled, these fields are required:
- User Name or IP Address - The hostname or IP address of the SailPoint IdentityNow server. The field format is https://sailpoint.api.identitynow.com/v3.
- Client ID and Client Secret - The Client ID and Client Secret for an account that has the Required Permissions to the API. For more information, see this explanation on the adapter's connection parameters.
- SSO Provider (Only for accounts with SaaS Management capability) - If your organization uses Okta for SSO, this adapter can be set as an SSO provider. see Connecting your SSO Solution Provider.
- Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
- HTTPS Proxy User Name (optional) - The user name to use when connecting to the server using the HTTPS Proxy.
- HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
Gateway Name - Select the gateway through which to connect to perform the action.
For more details about other Enforcement Actions available, see Action Library.