Certifying Roles
Simplifying the certification process is a key benefit of implementing roles. Both assigned business roles and detected IT roles are shown on certifications. Detected roles only show as independent line items in a certification if they are not required or permitted by an assigned business role for the identity; when they are part of an assigned business role, they are hidden behind the business role in the certification process, though they can be seen by drilling into the business role details
When certifiers revoke a business role, they are prompted to choose which of the required and permitted IT roles to revoke as well. The underlying entitlements are only revoked when the required / permitted IT roles which include them are revoked.
For more information on the certifications that can certify roles, see Types of Certification.