Types of Certification
IdentityIQ provides these types of certification:
Targeted Certifications
The most flexible type of certification, designed to meet most organizations' full range of certification needs from a single place. In a Targeted Certification you can certify role, entitlement, and account access for a narrowly defined set of your users. The Targeted Certification gives you a high level of flexibility in choosing which parameters to include in the certification, such as who, what, and when to certify.
Manager Certifications
Certify that a manager's direct reports have the right entitlements they need to do their job, and no more than that. You can configure a Manager Certification to include all managers in the company, or only specific managers. You can also configure which applications you want to certify as part of the Manager Certification.
Application Owner Certifications
Certify that all identities that have access to applications for which the reviewer is responsible have the proper entitlements.
Entitlement Owner Certifications
Certify that all identities that have access to entitlements for which the reviewer is responsible are correct.
Advanced Certifications
Certify entitlements and roles for all identities included in a specific population or group.
Account Group Membership Certifications
Certify that all accounts which make up an account group are correct – that is, are the right accounts in the account group. Account groups that do not have owners assigned are certified by the owner of the application on which they reside.
Account Group Permissions Certifications
Certify that all permissions that are granted to an account group for selected application(s) are correct. Account groups that do not have owners assigned are certified by the owner of the application on which they reside.
Role Membership Certifications
Certify that roles for which the reviewer is responsible are assigned to the correct identities.
Role Composition Certifications
Certify that roles for which the reviewer is responsible are composed of the proper permissions and entitlements.
Identity Certifications
This type of certification is used for "one-off" certifications that are launched from the Identity Risk Score, Identity Search Results, or Policy Violation pages. These certifications verify the entitlement information for the identities, typically for at-risk users.
Event-Based Certifications
Certify the entitlement information for the identities selected based on events detected within IdentityIQ.