cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[New Experience] Review a certification

[New Experience] Review a certification

If your company has purchased the Certifications module in IdentityNow, you will be able to review and certify users' access from within the Certifications menu of IdentityNow. You will be able to review your users' roles, access profiles, entitlements, and apps. This functionality, known as a certification, allows you to see the data and accounts people are entitled to so that you can approve or reject those items.

For more info on switching between the new and classic experience, see Switch between the new and classic certifications experience.

Reviewing a Certification

Your administrator will typically create certification campaigns for all reviewers in your organization. When your administrator creates a certification campaign that contains access items or people you're responsible for, you'll receive a notification that certifications are ready for your review. You can see all your certifications by clicking Certifications in IdentityNow's main menu.

Prerequisite:

  • Your administrator has created a certification campaign

Review By Identity

Complete the following steps:

1. Sign in to IdentityNow and go to Certifications.

 

2. Under the Active tab, find the certification you want to work on. Each card represents a certification campaign and contains the following details:

  • Progress - The progress of the campaign as a percentage.
  • Due By - The campaign due date.
    • NOTE: If a campaign is overdue, this date is the only place to tell on the card. Days Overdue is shown during the certification process next to the calendar icon.
  • Owner - The campaign owner.
  • Continue - Continue an in-progress campaign.

Click the certification campaign of your choice to start or continue.

certs_first_card.png

3. From the list of identities on the left, click the identity you want to certify.

You'll see a list of access items for that user. Click an access item to view details about it.

4. In each section, beside each access item, click the check mark icon to Approve accessor the X icon to Revoke access.

You can click each access item listed to see additional details about that item. You can also click Details next to the name of the identity to see additional details about that identity.

When you make all the decisions for each identity, it will disappear from the list on the left, leaving only the remaining identities you need to work on.

certs_identity_list.png

5. When you have certified each user and the campaign is ready for signoff, click the banner at the top of the page.

 

6. Click Complete Certification to mark the certification as complete.

The certification moves to the Completed tab where you can view all your completed certification campaigns.

NOTES:

  • If you approve an access profile or entitlement, the user will keep that access, even if you revoke the same entitlements somewhere else in this certification.
  • You can also approve or revoke all access items in bulk using the checkboxes next to the access items.
  • When reviewing Roles, you can only Acknowledge, not approve. If you see an access profile, app, or entitlement that is contained within the role that is not appropriate for the identity in question, contact the Role Owner to have it removed. For more details, see Reviewing Roles.
  • To see details about all possible columns in the user interface, see Take a Tour of IdentityNow's User Pages.

Review By Access Item

Complete the following steps:

1. Sign in to IdentityNow and go to Certifications.

2. Under the Active tab, find the certification you want to work on. Each card represents a certification campaign and contains the following details:

  • Progress - The progress of the campaign as a percentage.
  • Due By - The campaign due date.
    • NOTE: If a campaign is overdue, this date is the only place to tell on the card. Days Overdue is shown during the certification process next to the calendar icon.
  • Owner - The campaign owner.
  • Continue - Continue an in-progress campaign.

Click the certification campaign of your choice to start or continue.

certs_first_card.png

4. Click View as Access to review and complete the campaign based on access items instead of identities.

certs_view_as_access.png

5. From the categories on the left, choose either Roles, Access Profiles, or Entitlements, and you'll see a list of pending access items for that category.

certs_access_categories.png

6. Click the access item you want to certify and you'll see all the identities related to that access item. 

7. Beside each access identity, click the check mark icon to Approve access or the X icon to Revoke access.

You can click each access item listed to see additional details about that item. When you make all the decisions for each access item, it will disappear from the list on the left, leaving only the remaining access items you need to work on.

certs_access_view.png
8. Click View as Identity to switch back to reviewing the campaign by identity at any time.

certs_view_identity.png

9. When you have certified each user and the campaign is ready for signoff, click the banner at the top of the page.

10. Click Complete Certification to mark the certification as complete.

The certification moves to the Completed tab where you can view all your completed certification campaigns.

clipboard_image_0.pngclipboard_image_1.png

NOTES:

  • If you approve an access profile or entitlement, the user will keep that access, even if you revoke the same entitlements somewhere else in this certification.
  • You can also approve or revoke all access items in bulk using the checkboxes next to the access items.
  • When reviewing Roles, you can only Acknowledge, not approve. If you see an access profile, app, or entitlement that is contained within the role that is not appropriate for the identity in question, contact the Role Owner to have it removed. For more details, see Reviewing Roles.
  • To see details about all possible columns in the user interface, see Take a Tour of IdentityNow's User Pages.

Reviewing Roles

Because they are assigned according to user attributes or other business logic, roles cannot be approved or revoked in an access certification campaign. They can only be acknowledged. Click Acknowledge to verify that you have reviewed the role's contents. All roles must be acknowledged in order to sign off on a certification campaign.

Additionally, any access profiles, applications, or entitlements associated with the role also cannot be approved or revoked. To see these items, click the number in the corresponding column. In the dialog box, click the tabs to view all of the role's contents.

What happens when I revoke an entitlement or access profile?

When you revoke an access profile or entitlement from a user, one of two things happens:

  • The access is automatically removed from the user
  • A task is sent to the owner of the source that the access comes from, and the source owner removes the access manually

In some cases, two different access profiles might have some overlapping entitlements. If you approve one access profile and revoke another, the user keeps all access that was approved, even though it was revoked somewhere else.

For example, a user has Access Profile #1, which contains entitlements A, B, and C. The user also has Access Profile #2, which contains entitlements A, D, and E. If you approve Access Profile #1 and revoke Access Profile #2, the user will still have entitlement A.

Version history
Revision #:
13 of 13
Last update:
3 weeks ago
Updated by: