Separation of Duty Configuration

Complete the following steps to configure Separation of Duty (SoD) Hard and Soft checks in IdentityIQ.

  1. Go to SailPoint IdentityIQ for Service Catalog > Setup.

  2. Select Yes for Is LCM Enabled in IIQ?

  3. Enter LCM Provisioning in SailPoint IdentityIQ - Business Process Name.

  4. Select Save.

  5. Go to SailPoint IdentityIQ and log in with the administrator account.

  6. Select Setup > Business Processes.

  7. Select LCM Provisioning from the Edit An Existing Process list.

  8. Go to Process Variables > Policies to Check and select the desired option.

  • Disable Policy Checking: SoD checks will not be performed on the ServiceNow side or the IdentityIQ side.

  • Continue On Policy Violations: A Soft Check will be performed on both the ServiceNow side and the IdentityIQ side. The user will see a warning message that the SoD policy is being breached, however, the user will still be able to place the request.

  • Present Failures to Requester: A Soft Check will be performed on both the ServiceNow side and the IdentityIQ side. The user will see a warning message that the SoD policy is being breached, however, the user will still be able to place the request.

    Important
    In ServiceNow this option behaves exactly as Continue On Policy Violations, however, in IdentityIQ the user must leave a mandatory note prior to submitting the request.

  • Fail workflow: A Hard Check will be performed on both the ServiceNow side and the IdentityIQ side. The user will see a warning message that the SoD policy is being breached, and the user will not be able to place the request.

  1. Select Save.