When you're completing a certification, you can review a variety of information from the User Certification Screen so that you can approve or revoke the access of the identities you're reviewing.
This page includes a list of items that the user has access to. You can approve or revoke their access to each of these items.
NOTE: Entitlements are grouped by the source they come from. Within each group, entitlements marked as privileged come first. After that, entitlements are ordered alphabetically.
|Click All Users to go back to the User Certification list.|
|Use < and > to page through the people you need to certify.|
|The IdentityNow display name of the person you're certifying.|
|Cancel reverts any changes you have made and Save Decisions saves your changes.|
|In the Roles section, you'll see any roles associated with your user. Roles are bundles of access that you can grant to an employee or group of employees. Roles cannot be revoked, but can be used to review and acknowledge the access profiles, entitlements, and apps that are contained within them.|
|In the Access Profiles column of the Roles section, you'll see any access profiles assigned to your user through a role. Click the number to see a list of access profiles granted through the role. Access profiles that were granted to users by a role are included in certification campaigns for review only. (For the Access Profiles section, see number 9.)|
|In the Applications column, you can see any apps that the user can access as a result of the access profile you're certifying. Click the number to see a list of the apps tied to any access profile.|
|The Entitlements column displays the number of entitlements in the access profile. Click the number to see a list of the entitlements.|
|In the Decisions column for Roles, click Acknowledge to confirm that you have reviewed the contents of the role. All roles must be acknowledged in order to sign off on a campaign.|
|When you click a number in a column, a popup will appear to show the contents of the Role or Access Profile.|
|In the Access Profiles section, you'll see any access profiles that your user has that need to be certified. Access profiles are bundles of entitlements that sometimes grant access to apps.|
|Decisions Left indicates the number of items remaining in that section that still need to be approved or revoked.|
|Click the Actions icon and select an action to perform on selected access items.|
|In the Decision column for Access Profiles and Entitlements, click Approve or Revoke for each item the user can access. Be sure to make a decision for each item in both the Access Profiles and Entitlements sections.|
|Description displays the description your administrator has added to an access item. Account displays the unique account identifier for the user's account on the sources associated with the access profile.|
Any exceptions for an access item appear below the Description and Account. Exceptions might include:
- If the user was granted this access item since the last certification campaign, it is marked as New Access.
- If an access item is sensitive, it is marked as Privileged.
- The first time you run a certification campaign for your users, all access items are marked as New Access.
- At this time, access profiles can't be marked as privileged.
|In the Entitlements section, you can see any entitlements the user has that are not part of access profiles.|
|Click View to determine how much detail you can see about an entitlement. Options are Descriptions or Descriptions and Entitlements.|
For more information, see: