• Data policy to act when an assigned permission is coming to an end,

    Hi, We would like to have a data policy that notifies the enduser that their assigned permission are soon to be ended (7 days prior to enddate). I started with a policy as below and although I now for sure that I have assigned permissions with an…
  • Coverage Maps and Review Properties

    Is there a way to craft a coverage map that can reference the Review Owner property of a review? For instance, let's say that I would like to prevent a review owner from reviewing any of the items in the review itself, even though they might be a supervisor…
  • Permission to Account Mapping

    I created two collectors for one application. The first collects accounts, and the second permissions aka groups. The collection of both is working, but the association of the groups to the accounts is not set as expected. This is what I receive…
  • How to mapping account permissions from application, SAP ?

    Dear all, I am learning about NetIQ solution, please help me share some of the following information: If integrating IAM/IGA with SAP or other apps, Can we mapping role permissions for SAP database accounts to IAM/IGA ? And how can IAM/IGA deeply…
  • IG 3.7.3 Publish All Changes from Identity Manager AE Permission Collector results in the error [SEVERE] 2023-07-13 14:25:51.351 [com.netiq.iac.persistence.resolve.ApplicationResolutionServiceThread] [IG-DTP] Encountered unexpected error: org.hiberna...

    Hello, everyone. So, I've created one Application Source with the Identity Manager AE Permission Collector template to import the roles from IDV into IGA. However, when I try to Publish the Collection it results in the same error. Below is the…
  • Weird or Wrong AD Permission Collection

    Hi, I am running a fresh installed Identity Governance 3.7 I had also configured the AD Account Collector (3.6.2) and Permission Collector. The AD Permission is using the default "Collect Permission", change the Permission-User Mapping to Account…
  • How to configure Holder to Permissions Mapping properly?

    Hello everyone, We are trying to read level 10 roles that are assigned to identities in IDM's eDirectory, as permissions into IG. For this, we have configured an App Permission Collector and the whole list of level 10 roles is read correctly into…
  • Deleted Permissions on Role after reimporting Collector

    Hello everyone, I'm running into an issue after reimporting a collector. A customer had an issue with an AD application collector that wouldn't display the collection and publication history. To resolve this we deleted and reimported the application…
  • Collect group memberships in azure permission collector

    Is it possible to configure the Azure permissions collector to get group memberships? I am able to get the groups, but not the memberships.. On collect permission I have set permission-account or user mapping to "members" but that doesn't seem to…
  • How to limit the Access Request for One Permission on an Application

    Hi, We have a business scenario to restrict a user from requesting multiple permissions. Fulfillment will anyways fails but we still need to stop the user from requesting if already had a permission on this application. Any ideas on how to setup…
  • How to limit the access review only to permission item ?

    Here's some background: IG Integrated Apps Active Directory Application_A using AD authentication with AD groups as authorization Question is how can we limit the control in the access review where only can review permission item for Application_A…
  • Permission Mapping Assignment Type

    When setting up a permission collector there is an attribute of "Assignment Type" (key: atype, type: long) that is available on the "Permission to Holder" mapping and on the "Hierarchy permission child to parent/parent to child" mapping. As noted above…
  • No Self-Review Coverage Map

    Use-Case: I'm performing a User Access Review for a set of AD groups that grant privileged rights. I have a corporate policy that says user's cannot review their own access. I have a few instances where the group owner is also the member of the group…
  • Mandatory versus Optional permissions in Business Roles

    Hi. IG 3.5. I need clarification on Mandatory versus Optional permissions. I don't quite understand the difference. According to the documentation: When an authorization policy specifies Mandatory on a permission, technical role, or application, it means…
  • How to perform a review only for perm. that have an owner

    Hello, We are planning to run a regular review that will be performed by the “Permission Owner”. The Permission Owner will review all assigned permissions that are not part of a business role. So far this works. The issue that we are having is, that only…