Certifications

During a Certification Access Review, certifiers review the system entitlements granted to sets of identities. Access can be approved or revoked for an identity. This certification process can result in:

• Certificate Remediation – when an identity's access to a system is determined to be inappropriate for their job function, the certifier can revoke the entitlement through the Certification Access Review. This process creates a remediation provisioning request in IdentityIQ to remove that access from the source application.

• Provisioning through Certifications – when a business role is approved for an identity and that role includes required IT roles the identity does not have, the certifier is prompted to select whether the missing roles must be provisioned for the identity or whether the business role must be approved without provisioning the missing roles. If the certifier elects to provision the missing roles, a provisioning request is created.

Note: This provisioning option is only presented during the Access Review if the option Enable Provisioning of Missing Role Requirements is selected in the certification specification.
All revocations and provisioning requests from a specific access review are combined into a single provisioning plan and processed together except in certifications where revocations are processed immediately, such as certifications with the Process Revokes Immediately setting selected.