One of the controls we perform on a regular basis is an review of Non Personal accounts with access to an application.
Till we started using the multiapp collector for applications that use Active directory as an account source this was done via a straightforward account review selecting all accounts of a specific application or in most cases applications with a specific classification.
With the introduction of the multi app collector we now get visibility on account from a central directory that have access to an application.
the simple selection of show accounts that are part of an application with classification ISAE we used to use in the account review does no longer show the complete picture.
The new selection should also contain account from the active directory that have access to an applications with this classification ISAE.
we have tried using the below query, assuming that has accapps translates to "has access to app"
unfortunately this does not result in Active Directory accounts with access to an application of showing up in the review.
Alternative solutions we investigated where using the account in group with option but there is no way to link those to the application labels we are using only attributes on the group itself can be used.
Main Question: - how do we create an account review containing both accounts in the application and accounts from a directory
Secondary question: how should we interpreter the filter has business source with (accounts.id has accapps).