Targeted Certification: Additional Settings

Use the Additional Settings section to configure general information and reviewer options for the certification.

Certification Name

A name to identify the certification to certification owners. You can use free text as well as parameterized dates such as creation day, quarter, or year.

Certification Owner

The identity or workgroup responsible for the certification.

Advanced Options

Enable Bulk Clear Decisions

Allow certifiers to cancel multiple decisions simultaneously in the access review.

Update Entitlement Assignments

Enable this to cause decisions made on entitlement values in the access review to apply to the entitlement assignment model. When this is enabled, approvals create assignments, and revocations remove assignments.

Enable Partitioning

Partitioning aids the performance of certification scheduling, by subdividing activity across multiple threads, to increase processing throughput and speed. If you enable partitioning, you also set the Number of Partitions.If you do not enter a number, IdentityIQ will calculate an optimal number.

Show Recommendations

Enable recommendations from AI Services to appear in access reviews. This option is visible only if you have implemented SailPoint AI Services.

Automatically Approve Recommended Items

Automatically mark access review items that are recommended for approval as Approved, and move them from the Open to the Review tab of the access review. This option is visible only if you have implemented SailPoint AI Services.

Show Classifications

Show classification information in the access reviews. When enabled, classifications provide additional information about roles, managed attributes and policy violations.

Show Elevated Access

When enabled, this will show roles or entitlements that have elevated access.

Delegation Options

Require Delegation Review

Enable this option to require the original access review owner to review all delegated access reviews.

Line Item Delegation

Enable this option to allow certifiers to delegate individual items from an access review.

Identity Delegation

Enable this option to allow certifiers to delegate entire identities in an access review.

Disable Delegation Forwarding

Select to disallow the forwarding of a work item that was delegated by a different user.

Pre-Delegation Rule

Select a pre-delegation rule from the dropdown list. Pre-delegation rules do not support reassignments in the Targeted Certification. Use the Primary Certification field in a Certifier type rule for reassignment.

Email Owner on Pre-Delegation Completion

Send a email to the owner of the original certification upon completion of the certification by the delegates

Approve Options

Require Comments For Approval

Enable this option to require the certifier to include comments when an access review item is approved.

Enable Bulk Approval

Enable this option to allow users to bulk approve access review items.

Revoke Options

Enable Bulk Revocation

Enable this option to allow users to bulk revoke access review items.

Enable Account Revocation

Enable this option to allow users to bulk revoke all entitlements for a specific account.

Enable Bulk Account Revocation

Enable this option to allow users to revoke all entitlements for a specific account in bulk.

Require Comments for Revocation

Require the certifier to include comments when a certification item is revoked.

Allow Options

Enable Allow Exceptions (applies only to non-policy violation items)

Enables certifiers to allow exceptions on access review items such as roles or entitlements, that are not policy violations. Allowing an exception means the user should not have access indefinitely, but can retain access for a specified period of time.

Deprovision Items When Exception Expires (applies only to non-policy violation items)

Enables automatic deprovisioning of access when the allowed exception period has expired. This setting applies only to items such as roles or entitlements, that are not policy violations. This option is available only when the Enable Allow Exceptions option is also enabled.

Enable Bulk Allow Exceptions

Enable this option to allow users to allow exceptions in bulk.

Enable Allow Exception Popup

Enable this option to allow certifiers to view the Allow Exception popup and manually set expiration dates and allow comments. This applies to both violation and non-violation items.

Require Comments When Allowing Exceptions

Enable this option to require the certifier to include comments when an exception is allowed.

Default Duration for Exceptions

Set a default time period for which exceptions are allowed during the access review.

Access Review Properties

Custom Name

The name of the access review(s). If you do not enter a name here, IdentityIQ will use a default name that includes the type of the certification and the date it was generated. You can use free text as well as parameterized dates such as creation day, quarter, or year.

Custom Short Name

A shorter name for the access review(s). You can use free text as well as parameterized dates such as creation day, quarter, or year.