Identity and Access Management

Leveraging campaign filters for Access Certification in IdentityNow

Campaign filters help to filter out the identities which needs to be part of the review process. It helps to keep the reviewers to have the right amount of identities to be reviewed for the appropriate level of entitlements. Campaign filters can be built to filter the identities either based on inclusion or exclusion.

It plays a vital role in retrieving the subset of data for entitlement and the users. Filters can be built on the following criteria which is more granular in nature. This also helps to address various business scenarios. Example such filters could be:

  1. If we want to filter Finance department of the Identity Attribute having Access Profiles of VPN, we can make that to be reviewed.
  2. Need for doing reviews for specific identities can be filter based on their email id with the help of Identity Filter
  3. ¬†Filter the campaign by specific access profile “VPN” with the role “Support Engineer”

Filters can be formed based on the following aspects:

  • Access Profile
  • Account Attribute
  • Entitlement
  • Identity
  • Identity Attribute
  • Role
  • Source

The table provided below provides the possible operations and values upon which the filter can be applied:

Important points to ponder:

At this time of writing the following are some important points to note:

  • We cannot filter based on the entitlement in the IdentityNow
  • Entitlements are filtered based on their display names
  • Access profiles granted by roles and life cycle are not included in certification campaigns
  • Filter Criteria are connected using OR operator
  • To view the items which are excluded based on the campaign filter can be enabled with the help of API to “Enable or Disable campaign exclusion reports”
  • Value field is not case sensitive

Leave a Reply

Your email address will not be published. Required fields are marked *