Certification

In a certification, designated reviewers review and manage the access (entitlements and roles) held by identities.

Lifecycle stages after generation

  • Staging (optional): The certification owner examines the certification before notifications are sent out to certifiers.
  • Notification: The initial notification is sent to the reviewer (if configured).
  • Active Phase: Reminders and escalations occur in the Active phase. By default, the reminders go to the certifier. But if you want to add some more recipients or include your own logic to send reminder emails
  • Challenge Phase (optional): Begins when the Active phase is over (the Challenge phase may run concurrently with the Active phase if “Process Revokes Immediately” is enabled).
  • Sign Off: Starts when all the decisions (revoke/approve) have been made. Once the reviewer clicks the “Sign Off” button, the access reviews become read-only and decisions cannot be modified any more.
  • Remediation and Revocation (optional): Actual removal of entitlements. This may be manual or automated.
  • End Phase: The access review enters the End phase when all configured phases have passed their end dates and all processes and actions are completed.

Certification Rules

Certification Rules run during the certification creation process and during the certification lifecycle. 

Important Rules used during the Certification process include:  

  • Exclusion Rule: A rule to exclude all contractors and inactive identities in Manager Certification.
  • Pre-delegation Rule: A rule to assign the access reviews to a different user (like spadmin) if an account is inactive.
  • Active Period Enter Rule
  • Certification Escalation Rule
  • Challenge Period Enter Rule
  • Sign Off Approver Rule
  • Closing Rule
  • Revocation Period Rule
  • End Period Enter Rule
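
The Exclusion rule described in the list above, written as the BeanShell body of an IdentityIQ exclusion rule (an added example, not code from the original notes). It relies on the variables IdentityIQ passes to exclusion rules (entity, items, itemsToExclude); the identity attribute name "employeeType" and the value "contractor" are assumptions to adapt to the deployment.

```java
// BeanShell body for an IdentityIQ rule of type CertificationExclusion
// (added example). IdentityIQ supplies these variables while it builds
// the certification: entity, items, itemsToExclude.
import sailpoint.object.Identity;

// Assumption: the identity attribute and value that mark a contractor.
String CONTRACTOR_ATTR = "employeeType";
String CONTRACTOR_VALUE = "contractor";

String explanation = null;

// In a Manager certification each entity is an Identity.
if (entity instanceof Identity) {
    Identity identity = (Identity) entity;

    Object type = identity.getAttribute(CONTRACTOR_ATTR);
    boolean contractor = type != null
        && CONTRACTOR_VALUE.equalsIgnoreCase(type.toString().trim());

    if (identity.isInactive()) {
        explanation = "Excluded: identity is inactive";
    } else if (contractor) {
        explanation = "Excluded: identity is a contractor";
    }

    if (explanation != null) {
        // Move every certifiable item to the exclusion list so the
        // identity drops out of the access review entirely.
        itemsToExclude.addAll(items);
        items.clear();
    }
}

// The returned string is recorded as the reason for the exclusion;
// null means nothing was excluded for this entity.
return explanation;
```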

Types of Certification (Setup -> Certifications -> New Certification)

  • Manager: The manager reviews the access of direct reports.
  • Application Owner: The application owner reviews the list of identities having entitlements related to a specific application.
  • Entitlement Owner: The entitlement owner reviews the list of identities having a specific entitlement.
  • Role Membership: Lists identities connected to a specific role.
  • Role Composition: Shows entitlements encapsulated within roles.
  • Account Group Permissions: List of permissions that constitute an account group for selected applications.
  • Account Group Membership: Lists identities belonging to one or more account groups.
  • Advanced: Allows for creation of custom certifications based on groups or populations.


Certification Objects

• Certification Group 
• Certification Definition 
• Certification 
• Certification Entity 
• Certification Item 


Delegation, forward and Reassignment