Symantec IGA

  • Private Community

  • 1.  Identity Portal and IG - Certify what you request

    Posted Jul 19, 2018 01:59 PM

    Hi Experts,

    Identity Portal provide a tree like Entitlements for Access - so one can group Applications, Permissions (Roles) etc. But when it comes to certification the same Tree structure is not represented. Its only the Target Permission that is visible for certification - even more worse is the actual IDM representation is certifiable and not the IDP representation. 

     

    I am not sure if I am the only one out here who sees a disconnect or may be people are dealing with workarounds. 

     

    Just want to hear from the experts on what they feel about this. 

     

    Thanks



  • 2.  Re: Identity Portal and IG - Certify what you request

    Posted Feb 08, 2019 07:09 PM

    Any thoughts on this? Is this not a problem Identity Portal customers are facing today?



  • 3.  Re: Identity Portal and IG - Certify what you request

    Broadcom Employee
    Posted Feb 09, 2019 11:08 AM

    I think they key is to have the business friendly displayname attribute of the roles, account templates, and resources in sync with the displayname in the entitlement catalog.  In this way what the reviewer is certifying is the same displayname as used when the entitlement was requested.  I think it advisable to have a common script populating the IP Catalog and the IM Roles and Account templates.  In this way you will maintain an exact sync.