|Click All Users to go back to the User Certification list.|
|Use < and > to page through the people you need to certify.|
|The IdentityNow display name of the person you're certifying.|
|Cancel reverts any changes you have made and Save Decisions saves your changes.|
|In the Roles section, you'll see any roles associated with your user. Roles are bundles of access that you can grant to an employee or group of employees. Roles cannot be revoked, but can be used to review and acknowledge the access profiles, entitlements, and apps that are contained within them.|
|In the Access Profiles column of the Roles section, you'll see any access profiles assigned to your user through a role. Click the number to see a list of access profiles granted through the role. Access profiles that were granted to users by a role are included in certification campaigns for review only. (For the Access Profiles section, see number 9.)|
|In the Applications column, you can see any apps that the user can access as a result of the access profile you're certifying. Click the number to see a list of the apps tied to any access profile.|
|The Entitlements column displays the number of entitlements in the access profile. Click the number to see a list of the entitlements.|
|In the Decisions column for Roles, click Acknowledge to confirm that you have reviewed the contents of the role. All roles must be acknowledged in order to sign off on a campaign.|
|When you click a number in a column, a popup will appear to show the contents of the Role or Access Profile.|
|In the Access Profiles section, you'll see any access profiles that your user has that need to be certified. Access profiles are bundles of entitlements that sometimes grant access to apps.|
|Decisions Left indicates the number of items remaining in that section that still need to be approved or revoked.|
|Click the Actions icon and select an action to perform on selected access items.|
|In the Decision column for Access Profiles and Entitlements, click Approve or Revoke for each item the user can access. Be sure to make a decision for each item in both the Access Profiles and Entitlements sections.|
Any exceptions for an access item appear below the Description and Account. Exceptions might include:
- If the user was granted this access item since the last certification campaign, it is marked as New Access.
- If an access item is sensitive, it is marked as Privileged.
- The first time you run a certification campaign for your users, all access items are marked as New Access.
- The New Access badge will only be displayed once one campaign has been completed in the org.
|In the Entitlements section, you can see any entitlements the user has that are not part of access profiles.|
|The Show Details button allows you to view additional details about an access profile or entitlement.|
|Technical entitlement displays details about the technical entitlement from the source. Account id displays the unique ID for the account or accounts associated with the identity. Account status displays if the account is enabled, disabled, or locked. Last modified displays the date the account was most recently updated. Description displays the description your administrator has added to an access item. Account displays the unique account identifier for the user's account on the sources associated with the access profile.|