Register Sign in Need help? FAQ SailPoint directory
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to use changes detected to quickly spot new users and new access in access reviews

How to use changes detected to quickly spot new users and new access in access reviews

 

One of the columns your reviewers can choose to display and in their IdentityIQ access reviews is “Changes Detected.” This column is available only in IdentityIQ certifications and access reviews that certify identities: Manager, Advanced, Application Owner, and Targeted certifications.

This column categorizes changes in access since the last time the identity was included in a certification of this type, as well as flagging new identities that have not previously been certified.  In other words, changes can be detected in access between one Manager Certification and the next, but are not detected between a Manager Certification and an Advanced Certification for the same identity.

The values that can appear in the Changes Detected column are:

  • New User: This identity has never been certified before, in a certification of this type
  • No: The identity has been certified before in a certification of this type, and there have been no changes to the identity's access since that time.
  • Yes: Once an identity has been certified, any new access items that are detected the next time a certification of the same type is generated will have a Yes value.

Here's an example to illustrate how the type of certification run can impact the values in the Changes Detected column.

  • Jim has access to AppA and AppB
  • Pam has access to AppB and AppC
  • Both Jim and Pam report to Michael

The scenarios below assume that the Perform Maintenance task is run regularly in between these various certifications.

  • May 1: An application owner certification is run for AppA for the first time. Jim's access is detected as a New User. Pam doesn't appear in these reviews at all.
  • May 10: An application owner certification is run for AppB. Jim's access appears as No, and Pam's as New User.
  • May 20: A manager certification is run for Michael's team. Both Jim and Pam appear as New User.
  • May 30: After a reorganization, Jim & Pam now report to Andy. A manager certification is run for Andy's team. Both Jim and Pam appear as No.
  • June 10: Jim & Pam are given new access to AppZ. If either an application owner certification for AppZ or a manager certification for Andy's team are run, Jim and Pam will show Yes for all AppZ entitlements, and No for their other entitlements.

Be aware that certain maintenance and system tasks in IdentityIQ must run for certification status to be updated. For example, if two certification campaigns are running concurrently, and they both include Jim, then Jim's "Changes Detected" status in each will depend on whether the other review has been completed, and whether the IdentityIQ system tasks that refresh status have run.

Note: The "Changes Detected" feature focuses on changes to the identity as a whole; filters on included items (such as which application they are on) are not factored in to change detection. This means that application owner certifications, and using application as a filter for manager certifications may not produce the "Changes Detected" results that are expected. For example, once an identity has been certified in an application owner certification for AppA, a later application owner certification for AppB will not show that AppB's items as changed, even if those specific items were not certified in the AppA application owner certification, unless the items for AppB were added to the identity after the AppA certification was completed.

If you are in doubt about the changed status of an identity's access, you can see details about certifications in the Identity Warehouse for any user, on the History tab.

 

Adding the changes detected column to your review

To add the Changes Detected column to your display:

  1. In the access review, click Columns
  2. Click Add Column and choose Changes Detected from the drop-down
  3. Drag the column tile as needed to put in the position you want relative to the other columns
  4. Save your changes.

Note that the column displayed on the Important tab and on the Open tab can vary, so if your review includes both of these tabs, you will need to add the Changes Detected column in each.


CD-ColumnDisplayed.png

 

Sorting, grouping, and filtering for changes detected

To sort items by Changes Detected status, click on the Changes Detected column heading.

To group items by Changes Detected status, click Group By and choose Changes Detected from the drop-down. If bulk decisions are enabled for your review, you can select all the items in a group (all New User items, for example) by checking the box beside the Changes Detected heading, and then process them in bulk.


CD-GroupBy.png

 

To filter items by Changes Detected:

  1. Click Filter
  2. If Changes Detected isn’t shown as a filter option, click Add Filter and choose Changes Detected.
  3. Choose the status (Yes, No, New User) to you want to filter on in the Changes Detected filter field.
  4. Click Apply.
  5. To remove this filtering, click Filter again, and click Clear.

CD_Filtered.png

Labels (2)
Version history
Revision #:
14 of 14
Last update:
‎May 16, 2026 11:24 AM
Updated by:
SailPoint Employee
 
View Article History