Take a tour of Certifications

Version 17

    When you're completing a certification, you can review a variety of information from the User Certification Screen so that you can approve or revoke the access of the identities you're reviewing.

     

    This page includes a list of items that the user has access to. You can approve or revoke their access to each of these items.

     

    NOTE: Entitlements are grouped by the source they come from. Within each group, entitlements marked as privileged come first. After that, entitlements are ordered alphabetically.

     

    certs_tour_new.png

     

    NumberDescription
    1.pngClick All Users to go back to the User Certification list.
    2.pngUse < and > to page through the people you need to certify.
    3.pngThe IdentityNow display name of the person you're certifying.
    4.pngCancel reverts any changes you have made and Save Decisions saves your changes.
    5.pngIn the Roles section, you'll see any roles associated with your user. Roles are bundles of access that you can grant to an employee or group of employees. Roles cannot be revoked, but can be used to review and acknowledge the access profiles, entitlements, and apps that are contained within them.
    6.pngIn the Access Profiles column of the Roles section, you'll see any access profiles assigned to your user through a role. Click the number to see a list of access profiles granted through the role. Access profiles that were granted to users by a role are included in certification campaigns for review only. (For the Access Profiles section, see number 9.)
    7.pngIn the Applications column, you can see any apps that the user can access as a result of the access profile you're certifying. Click the number to see a list of the apps tied to any access profile.

    8.png

    The Entitlements column displays the number of entitlements in the access profile. Click the number to see a list of the entitlements.
    9.pngIn the Decisions column for Roles, click Acknowledge to confirm that you have reviewed the contents of the role. All roles must be acknowledged in order to sign off on a campaign.
    10.pngWhen you click a number in a column, a popup will appear to show the contents of the Role or Access Profile.
    11.pngIn the Access Profiles section, you'll see any access profiles that your user has that need to be certified. Access profiles are bundles of entitlements that sometimes grant access to apps.
    12.pngDecisions Left indicates the number of items remaining in that section that still need to be approved or revoked.
    13.pngClick the Actions icon and select an action to perform on selected access items.
    14.pngIn the Decision column for Access Profiles and Entitlements, click Approve or Revoke for each item the user can access. Be sure to make a decision for each item in both the Access Profiles and Entitlements sections.
    15.pngDescription displays the description your administrator has added to an access item. Account displays the unique account identifier for the user's account on the sources associated with the access profile.
    16.png

    Any exceptions for an access item appear below the Description and Account. Exceptions might include:

    • If the user was granted this access item since the last certification campaign, it is marked as New Access.
    • If an access item is sensitive, it is marked as Privileged.
      NOTES:
      • The first time you run a certification campaign for your users, all access items are marked as New Access.
      • At this time, access profiles can't be marked as privileged.
    17.pngIn the Entitlements section, you can see any entitlements the user has that are not part of access profiles.
    18.pngClick View to determine how much detail you can see about an entitlement. Options are Descriptions or Descriptions and Entitlements.

     

    For more information, see: