Account Group Membership and Account Group Permission Access Reviews
The access review might look different in your instance of IdentityIQ depending on the configuration and the options selected when the certification was defined. These are all account group list-type certifications.
For detailed information on certifications and access reviews, see About Certifications(LINK IN DOC).
For detailed information on completing an access review, see Access Review Decisions / Operations(LINK IN DOC).
Access Review Details - Account Group List
The list is composed of all of the account groups, application objects, that make up this access review.
The object list page contains three tabs:
-
Important -- contains items that require immediate attention, such as returned delegations.
-
Open -- all of the other access review items that have yet to be acted upon.
-
Review -- the items on which a decision has been made.
By default the page opens with the Important tab displayed, if there are issues that require immediate action.
Object List Page Features
The following features are available for all of the tabs:
-
Object list icon -- click the icon to display a list of the items that make up the access review.
-
Download to CSV icon -- click the icon to download the access review list to a CSV file.
-
Information icon -- click the information icon to get details about the access review, including due date, owner, phase, number of completed items and revocations.
-
Columns -- add, remove, or rearrange the columns displayed on the page.
-
Group By -- rearrange the sort order of items on the page.
-
Filter -- use a filter to limit the items displayed.
-
Bulk Decision button -- make the same decision for multiple items. If only one action is applicable, that action appears on the button.
-
Bulk select / deselect -- click the box on the header line and choose to select or deselect multiple items.
Important Tab
The Important tab contains the following information:
Note
The Important tab is not displayed if no urgent issues exist.
Account Group Permissions List -- Important Tab
| Column | Description |
|---|---|
| Account Group | The account group name. |
| Type | The type of the account group. |
| Description | Description of the account group. |
| Attribute | The attribute associated with this account group. |
| Entitlements | Any entitlements associated with the account group. |
| Return Comment | Any comments associated with this item. |
| Decision | The decision made by the reviewer to whom this item was delegated. |
Account Group Membership List -- Important Tab
| Column | Description |
|---|---|
| First Name | The first name of the account group member. |
| Last Name | The last name of the account group member. |
| Type | The type of the account group. |
| Description | Description of the account group. |
| Return Comments | Any comments associated with this item. |
| Decision | The decision made by the reviewer to whom this item was delegated. |
Delegated items are still part of this access review and must be acted upon before it is complete.
Use Reassign to reassign the policy violation decision to another user.
Open Tab
The Open tab contains the following information:
Account Group Permissions List -- Open Tab
| Column | Description |
|---|---|
| Account Group | The account group name. |
| Type | The type of the account group. |
| Description | Description of the account group. |
| Attribute | The attribute associated with this account group. |
| Entitlements | Any entitlements associated with the account group. |
Account Group Membership List -- Open Tab
| Column | Description |
|---|---|
| First Name | The first name of the account group member. |
| Last Name | The last name of the account group member. |
| Type | The type of the account group. |
| Account | The name of the account associated with this member. |
| Description | Description of the account group. |
Use the Decision column to Approve or Revoke the item, or click the menu icon to display additional options; Allow, Delegate, Revoke Account, Comment, History, Account Details.
Revoking an account affects all role or entitlements with which it is associated.
Delegated items are still part of this access review and must be acted upon before it is complete.
Use Bulk Decisions to make decision for multiple items or reassign items to another decision maker.
Review Tab
The Review tab contains all of the items upon which a decision has been made. Click the menu icon in the Decision column to change or undo a decision.
How to Perform an Account Group Access Review
Note
The options available in an access review are dependent on the configuration of IdentityIQ and the option defined when the certification was scheduled.
Note
Use Bulk Decisions to reassign items to another decision maker.
-
Access the access review details page from the My Access Reviews page or directly from your Home page.
-
Take action on individual items.
--- OR ---
Use the select boxes and select an action from Bulk Decision list.
-
Click Save Decisions.
-
When all decisions have been made, click Sign-Off Decision to display the Sign Off on Certification dialog.