Decisions

Enable the certifier to provision missing role requirements from within an access review.

Enables certifiers to delegate individual access review items, such as a single role or entitlement, rather than the entire identity to be reviewed.

This option also enables the delegation of policy violations, either from inside an access certification or from the Manage > Policy Violations page.

Allow users to bulk revoke all entitlements for a given account.

Enable certifiers to delegate entire identities from a certification request.

Enables certifiers to allow exceptions on access review items such as roles or entitlements, that are not policy violations. Allowing an exception means the user should not have access indefinitely, but can retain access for a specified period of time.

Enables automatic deprovisioning of access when the allowed exception period has expired. This setting applies only to items such as roles or entitlements, that are not policy violations.

Enables certifiers to view the Allow Exception pop-up and manually set expiration dates.

Set the time period during which exceptions should be allowed. Input the number of units and unit type (hours, days, weeks or months) to use as the exception duration.

Set the default operation shown on the revocation dialog for remediation-modifiable attributes.

Note: This option is only visible if you have purchased and activated the SailPoint AI Services product.

Enable recommendations from AI Services to display in access reviews.

Note: This option is only visible if you have purchased and activated the SailPoint AI Services product.

Enable access review items to be automatically marked as approved by AI Services and move to the Access Certification Review tab for final approval.