Take a tour of Certifications

Version 20

    When you're completing a certification, you can review a variety of information from the User Certification Screen so that you can approve or revoke the access of the identities you're reviewing.


    This page includes a list of items that the user has access to. You can approve or revoke their access to each of these items.



    • Entitlements are grouped by the source they come from.
    • Within each group, items marked as privileged come first. After that, entitlements are ordered alphabetically.


    certs tour.png


    1.pngClick All Users to go back to the User Certification list.
    2.pngUse < and > to page through the people you need to certify.
    3.pngThe IdentityNow display name of the person you're certifying.
    4.pngCancel reverts any changes you have made and Save Decisions saves your changes.
    5.pngIn the Roles section, you'll see any roles associated with your user. Roles are bundles of access that you can grant to an employee or group of employees. Roles cannot be revoked, but can be used to review and acknowledge the access profiles, entitlements, and apps that are contained within them.
    6.pngIn the Access Profiles column of the Roles section, you'll see any access profiles assigned to your user through a role. Click the number to see a list of access profiles granted through the role. Access profiles that were granted to users by a role are included in certification campaigns for review only. (For the Access Profiles section, see number 9.)
    7.pngIn the Applications column, you can see any apps that the user can access as a result of the access profile you're certifying. Click the number to see a list of the apps tied to any access profile.


    The Entitlements column displays the number of entitlements in the access profile. Click the number to see a list of the entitlements.
    9.pngIn the Decisions column for Roles, click Acknowledge to confirm that you have reviewed the contents of the role. All roles must be acknowledged in order to sign off on a campaign.
    10.pngWhen you click a number in a column, a popup will appear to show the contents of the Role or Access Profile.
    11.pngIn the Access Profiles section, you'll see any access profiles that your user has that need to be certified. Access profiles are bundles of entitlements that sometimes grant access to apps.
    12.pngDecisions Left indicates the number of items remaining in that section that still need to be approved or revoked.
    13.pngClick the Actions icon and select an action to perform on selected access items.
    14.pngIn the Decision column for Access Profiles and Entitlements, click Approve or Revoke for each item the user can access. Be sure to make a decision for each item in both the Access Profiles and Entitlements sections.

    Any exceptions for an access item appear below the Description and Account. Exceptions might include:

    • If the user was granted this access item since the last certification campaign, it is marked as New Access.
    • If an access item is sensitive, it is marked as Privileged.



    • The first time you run a certification campaign for your users, all access items are marked as New Access.
    • The New Access badge will only be displayed once one campaign has been completed in the org.
    16.pngIn the Entitlements section, you can see any entitlements the user has that are not part of access profiles.
    17.pngThe Show Details button allows you to view additional details about an access profile or entitlement.
    18.pngTechnical entitlement displays details about the technical entitlement from the source. Account id displays the unique ID for the account or accounts associated with the identity.  Account status displays if the account is enabled, disabled, or locked. Last modified displays the date the account was most recently updated. Description displays the description your administrator has added to an access item. Account displays the unique account identifier for the user's account on the sources associated with the access profile.


    For more information, see: