
Targeted Access Reviews

The access review might look different in your instance of IdentityIQ depending on the configuration and the options selected when the certification was defined.

For detailed information on certifications and access reviews, see About Certifications.

For detailed information on completing an access review, see About Access Reviews.

Access Review Details - Targeted

This page lists all roles, entitlements, and policy violations that are part of this access review.

The page contains three tabs:

  • Important – contains items that require immediate attention, such as returned delegations.

  • Open – all of the other access review items that have yet to be acted upon.

  • Review – the items on which a decision has been made.

By default, if there are issues that require immediate action, the page opens with the Important tab displayed.

Targeted Page Features

The following features are available for all of the tabs:

  • List icon – click the icon to display a list of the identities that make up the access review.

  • Download to CSV icon – click the icon to download the access review list to a CSV file.

  • Information icon – click the information icon to get details about the access review, including due date, phase, and subordinate access reviews.

  • Columns – add, remove, or rearrange the columns displayed on the page.

  • Group By – rearrange the sort order of items on the page.

  • Filter – use a filter to limit the items displayed.

Note

The access recommendations icon is only displayed if SailPoint AI-Driven Identity Security was purchased and activated for your installation of IdentityIQ. See About SailPoint AI-Driven Identity Security for more information.

  • Access Recommendations – display the Decision Recommendation popup.

  • Bulk Decision button – make the same decision for multiple items. If only one action is applicable, that action appears on the button.

  • Bulk select / deselect – click the box on the header line and choose to select or deselect multiple items.

Important Tab

The Important tab contains the following information:

Note

The Important tab is not displayed if no urgent issues exist.

Open Targeted - Important Tab

Column – Description

Policy Name – Name of the policy being violated.

Policy Description – Description of the policy being violated.

Rule – Specific rule that is being broken to cause the violation of the policy.

Owner – Owner of the policy.

Identity – Identity that is in violation.

Account Name – The account name for the application with which the item is associated and the account status, enabled or disabled.

Application – The application with which the item is associated.

Compensating Control – Any compensating controls associated with the policy. For example, in some cases managers may be exempt from certain separation of duty policies.

Conflict – For separation of duties policy violations, the conflict that is causing the violation of the policy.

Description – Description of the violation from the Policy Configuration page.

Remediation Advice – Any correction advice associated with the policy. This advice is added when the policy is created.

Rule Description – The description of the rule that has been broken.

Changes Detected – This column flags any changes made to this access item for this identity since the last time it was included in a certification of this type. For example, changes can be detected in an identity between one Manager certification and the next, but are not detected between a Manager certification and an Advanced certification for the same identity. Values can be:

  • No: the item has been certified before. Once an identity has been certified, any item that was previously certified will show as No each time a subsequent certification of this same type is generated.

  • Yes: the item has not been certified. Once an identity has been certified, any new items that are detected the next time a certification of this same type is generated will have a Yes value.

  • New User: this identity has never been certified in a certification of this type.

Use the Decision column to Allow the violation, or click the menu icon to display additional options: Delegate, Comment, History, Details.

Delegated items are still part of this access review and must be acted upon before it is complete.

Use Reassign to reassign the policy violation decision to another user.

The Open Tab

The Open tab contains the following information by default. You can configure which columns appear on the Open tab by clicking the Columns button and adding, removing, or rearranging columns as needed.

Column – Description

Type – Role, entitlement, or account.

Display Name – The item name as it appears throughout the product.

Description – The description associated with the item.

Classifications – This column appears only if "Show Classifications" was enabled for the certification. If an entitlement has classification data associated with it, to flag that the permission gives access to potentially sensitive or otherwise protected data, a classification icon appears in this column. Click the icon to see details about the classification.

Application – The application with which the item is associated.

Account Name – The account name for the application with which the item is associated and the account status, enabled or disabled.

Identity – The identity associated with the role, entitlement, or account.

Use the Decision column to Approve or Revoke the item, or click the menu icon to display additional options: Allow, Delegate, Revoke Account, Comment, History, Account Details.

Click the recommendation icon for details about the recommendation. The access recommendations icon is only displayed if SailPoint AI-Driven Identity Security was purchased and activated for your installation of IdentityIQ. See the AI-Driven Identity Security documentation for more information.

Revoking an account affects all roles or entitlements with which it is associated.

Delegated items are still part of this access review and must be acted upon before it is complete.

Use Bulk Decisions to make a decision for multiple items or reassign items to another decision maker.

Review Tab

The Review tab contains all of the items upon which a decision has been made. Click the menu icon in the Decision column to change or undo a decision.

Click the automatic approval icon for details about the approval. The automatic approval icon is only displayed if SailPoint AI Services was purchased and activated for your installation of IdentityIQ. See About SailPoint AI-Driven Identity Security for more information.

How To Perform a Targeted Access Review

Note

The options available in an access review are dependent on the configuration of IdentityIQ and the options defined when the certification was scheduled.

Note

Use Bulk Decisions to reassign items to another decision maker.

1. Access the targeted access review from the My Access Reviews page or directly from your Home page.

2. Select items individually and select an action in the Decision column.

   — OR —

   Select multiple items and select an action from the Bulk Decision list.

3. Click Save Decisions to move the completed items to the Review tab.

Note

Automatically approved items are displayed on the Review tab where you can accept the approval or change the decision as needed.

4. Review your decisions on the Review tab and make any required changes.

5. When all decisions have been made, click Sign-Off Decision to display the Sign Off on Certification dialog.