Skip to content

Access Review Pages

The layout of the access review pages can be customized during the configuration of IdentityIQ. The organization of the pages can vary from the descriptions in this documentation, the function of the product should not be affected.

My Access Reviews

The My Access Reviews page lists all the access reviews assigned to you. How you access this page is determined by how your IdentityIQ instance is configured. It can be accessed through:

  • The Access Reviews tile on your IdentityIQ home page

  • The My Work > My Access Reviews menu

  • The Quicklink (left navigation) menu, through My Tasks > Access Reviews or through a custom Quicklink menu your organization has configured

From this page, you can click Start to begin the review; in-process reviews can be reopened by clicking Continue. Depending on how IdentityIQ is configured for your organization, you may also have options here to forward the review to another user. See Forwarding Reviews(LINK IN DOC) for more details.

This page includes:

  • The name of the access review

  • A percentage progress wheel, showing how much of this review has been done so far

  • When the review is due

  • How many individual review items you have, and how many are completed

  • Who requested the review – this is the person who set up the certification

  • The phase the review is in – see Phases of a Certification(LINK IN DOC) for more information

Access Review Details

Starting or opening an access review opens a page with detailed information about access, and options for making decisions. The layout and information will vary depending on the type of access review. See Types of Certification(LINK IN DOC) for more information.

Access Review Page Overview

Use this page to review access review requests. The information displayed on this page is dependent on the access review type and options selected at scheduling.

There are five access review types:

  • Targeted – used for Targeted certifications

  • Identity – used for Manager, Application Owner, and Advanced certifications

  • Object – used for Entitlement Owner and Role Member certifications

  • Role Composition – used for Role Composition certifications

  • Account Group/Application Object – used for Account Group certifications

Only top-level roles are displayed as line items. For example, if a role contains required or permitted roles, those roles are certified as part of the top-level role in the same way that the entitlements that make up a role are certified with the role.

If an identity has a role assigned to it multiple times, that role is displayed multiple times and each one must be reviewed and acted on individually.

All of the access review detail pages include the following information, but it might display differently depending on the access review type:

Access Review Information

Displays the administrative and statistical information for the access review.

Filter

Enables you to filter the information displayed on the page.

Access Review Decision Tab

Displays the list of items that must be certified before this access review is Review. This list can contain entitlements, account groups, roles, or identities based on the access review type and the default settings of IdentityIQ.

See Access Review – Common Information(LINK IN DOC) for common terms and detailed information on access reviews.

Access Review – Common Information

This section provides information on the common access review information. This information is displayed differently for the different access review types, if it is available. This section also contains electronic signature information, if that feature is enabled.

This information is displayed on the information panel.

Due

The date on which this access review is due.

Owner

The identity to whom this access review is assigned.

Phase

The phase at this time and the date when this phase ends.

Revocations

This number reflects the fraction of revocation requests completed for this access review a compared to the total number requested. The revocation competition status is updated at an interval specified during the deployment of IdentityIQ. By default this is performed daily.

Tags

Listed are any tags assigned to the certification when the certification was scheduled. Tags are used to classify certifications for searching and reporting purposes.

Review

You may be able to sign off an access review until all subordinate reviews are complete, based on how this certification was scheduled. Click Additional Reviews in the status panel to view the subordinate reviews associated with the one displayed. Click a subordinate access review to display the Access Review Decision page. See Subordinate Access Reviews(LINK IN DOC).

A completion notice displays in the Access Review Information panel when all items and subordinate access reviews are in a complete state. Before IdentityIQ recognizes an access review as complete, you must click Sign Off and verify that certification is complete on the Sign off Access Review screen. Additional sign off information is required if your installation is configured to require an electronic signature.

Subordinate Access Reviews

Subordinate access review are any access reviews that must be completed before the top-level certification can be considered completed. Examples of subordinate access reviews can include any groups of identities that you reassign, or any lower-level, subordinate, manager access reviews. Lower-level manager access reviews can be created when Manager Certifications are scheduled and can be required as part of that process.

Subordinate access reviews are not displayed as part of the access review list and do not show as part of the completion status for this access review. When specified, subordinate access reviews must be in a complete state before the top-level certification can be signed off.

The Access Reviews link displays with the Access Review Decision page if subordinate access reviews exist. Click Access Reviews to expand a table containing the following information:

Column Description
Name The name and descriptive information about the top-level certification.
Owner The current owner of the subordinate access review requests.
Percent Complete The percentage of the subordinate access review that was acted upon and is in a complete state.
Open The number of subordinate items that are still in the open state.
Completed The number of subordinate items that are in the completed state.
Delegated The number of subordinate items that the current owner delegated to different users.
Action Click an icon to specify an action to take on the subordinate certification.
  • Return -- return the subordinate access review items to the review that generated the items and delete the subordinate access review.
  • Email -- generate an email to send to the owner of the original access review.
  • Forward -- forward the subordinate access review to a different, qualified certifier.
    		•