Skip to content

Enabling Recommendations Using AI

Enabling Recommendations for Access Request Approvals

Note

This option is not available until init-ai.xml is imported into IdentityIQ and a connection to AI-Driven Identity Security is configured.

AI-Driven Identity Security can make access recommendations for decisions on access requests. This feature must be enabled in your Lifecycle Manager settings, in order to generate access recommendations for access request approvals.

  1. Log in as an IdentityIQ administrator.

  2. Under the gear icon, select Lifecycle Manager.

  3. In the AI-Driven Identity Security Approval Recommendation section of the Configure tab, check the Enable the generation of AI-Driven Identity Security access recommendations on approvals option.

  4. Save your changes.

After this option is enabled, your access reviewers can see decision access recommendations when they review access requests. See Approving Access Requests(LINK IN DOC) for more information.

Enabling Recommendations for Access Requests

Note

This option is not available until init-ai.xml is imported into IdentityIQ and a connection to AI-Driven Identity Security is configured.

IdentityIQ can make access recommendations for self-service requests for roles, using AI-Driven Identity Security. AI-Driven Identity Security uses peer group analysis, based on information such as the user's manager, department, location, and colleagues, to make access recommendations about what access a particular user should have. The access recommendations and the final decision are captured in reports, supplying important information about access decisions for auditors.

This feature must be enabled in your Lifecycle Manager settings, in order to generate access recommendations for access requests.

  1. Log in as an IdentityIQ administrator.

  2. Under the gear icon, select Lifecycle Manager.

  3. In the AI-Driven Identity Security Approval Recommendation section of the Configure tab, check the Enable the generation of AI-Driven Identity Security Access recommendations on access requests option.

  4. Save your changes.

After this option is enabled, your users have the option to see access recommendations when they request access.

See Requesting Access(LINK IN DOC) for more information.

Enabling Access Recommendations and Automatic Approvals Globally for Certifications

Note

This option is not available until init-ai.xml is imported into IdentityIQ and a connection to AI-Driven Identity Security is configured.

AI-Driven Identity Security can provide decision access recommendations during the access certification process, and can also make automatic approvals. Access recommendations and automatic approvals can be enabled globally for all applicable certification types, or can be enabled at the individual certification level.

Note

Items automatically marked as approved still require a reviewer's sign-off to complete the certification. Reviewers retain the option of changing the automated decision, as needed, before signing off on the review.

To set a global default for all applicable certifications

  1. Log in as an IdentityIQ administrator.

  2. Under the gear icon select Compliance Manager.

  3. In the Decisions section, check the Show Access Recommendations option.

  4. If you want to automatically mark access review items as approved and move them from the Open to the Review tab of the access review, check the Automatically Approve Recommended Items option. When you enable automatic approvals, your reviewers will still have the opportunity to review and, if needed, change decisions before their final sign-off on the access review.

  5. Save your changes.

To change the default setting on an individual certification, refer to Introduction to Certifications and Access Reviews(LINK IN DOC) for information on scheduling specific certification types.

After this option is enabled, your certifiers can see decision access recommendations when they perform access reviews.