Symantec IGA

  • 1.  IM Admin roles export in IG - IDM Universe

    Posted Dec 05, 2019 05:12 AM
    Hi All,

    Is it possible to import IDM admin roles and access roles in IG-IDM Universe, in order to certify IM console admin access?

    We are only able to import provisioning roles in IG-IDM Universe, not admin or access roles.

    Thanks,
    Gopal


  • 2.  RE: IM Admin roles export in IG - IDM Universe
    Best Answer

    Broadcom Employee
    Posted Dec 05, 2019 08:31 AM
    Hi,

    It is not possible to export Admin and Access Roles to Identity Governance.

    You have 2 options to work around this limitation:

    Option 1 - Small number of Admin and Access roles that need to be certified:

    a) You can create an empty provisioning role that maps to each Admin/Access role you want to certify (for example, Management Console Admin Access).
    b) Create an Identity Policy that assigns this empty provisioning role to anyone who has an admin role that allows this level of administration access (this is to handle the automated provisioning aspect).
    c) Create an Identity Policy that revokes the Admin Role from anyone who loses the Provisioning Role. You can also do this with a PX policy. This is to handle the automated removal from the Admin or Access Role if the matching provisioning role is revoked from a certification.

    Pros: This keeps everything in one place as far as certification goes.
    Cons: You will need to create Provisioning roles that map to the Admin/Access roles you want to certify.

    Option 2 - Large number of Admin and Access roles that need to be certified:

    There is a legacy certification capability in Identity Manager that is hidden. You just need to search for certification tasks (filter *certif*) and expose them to specific Admin roles (User Manager, Certification Manager, etc.)

    Pros: No need to create matching Provisioning roles
    Cons: This certification will be separate from the other certification and is only available in the Identity Manager UI. If you are using Identity Suite then it will not show up in the certification view of the portal user. 

    Here is what it looks like in IDM: