About Certifications

In IdentityIQ, certifications let you automate the review and approval of identity access privileges. In a certification, IdentityIQ collects fine-grained access or entitlement data, and formats the information into interactive reports, which are sent to the appropriate reviewers as access reviews. You can also use certifications to validate things like roles and account groups.

Certifications typically consist of multiple access reviews. For example, when you schedule a Manager Certification, a type of certification that asks managers to review and validate their direct reports' access, it will consist of an individual access review for each of the managers you choose to include as part of the campaign. However, it is possible to configure a certification such that it includes only one access review – for example, you might schedule a Manager Certification for just one specific manager, which means that there would only be one access review making up that certification.

When you configure the certification, you can set it up to annotate each access review with descriptive language that highlights changes, flags anomalies, and highlights where policy violations appear. The access reviews enable reviewers to:

• Approve access for identities

• Approve account group permissions and membership

• Approve role composition and membership

• Take corrective actions, such as revoking entitlements that violate policy

• Forward, reassign, or delegate all or part of the access review to another reviewer

For all corrective actions, IdentityIQ can fulfill certification revocations through automated or manual means, depending on the individual applications' connector configurations. IdentityIQ can also be configured to integrate with ticketing systems or other provisioning systems to fulfill provisioning requests.

The sections below will familiarize you with some terms and concepts related to certifications.