Lifecycle

Notify Users of Revocations

Select to enable email notifications to users that have items revoked.

Certification Escalation Rule

Select a rule from the dropdown list as the default rule that the system uses when an access review is escalated.

When Exceptions Expire

Select the action performed on a mitigation when it expires

Active Period Duration

Input the number of units and unit type (hours, days, weeks or months) to use as the default active period duration.

Enable Challenge Period

Select to enable default challenge period and its default duration.
The challenge period enables users to challenge requests from certifiers to remove access privileges.

Enable Revocation Period

Note: Select to enable the default revocation period and its default duration. The revocation period places a limit on the amount of time a revoker has to act on a revocation request before that request work item is escalated.

If the revocation period is disabled, the certification is not scanned for completed revocations and revocation status might not be accurately reflected throughout the product.

Default Revoker

Select the user to whom all bulk remediation requests are to be sent.
Bulk revocation requests are made during the certification process. You can select an item from the Select Bulk Action dropdown list on the Certification Report worksheet view or click Revoke All on the Certifications Decision tab.
If this field is left blank, the remediator is specified as part of the request process.

Enable Automatic Closing

Specifies that the remediation period should be enabled, during which IdentityIQ periodically scans users to determine whether the requested remediations have been carried out. Use the following options to configure the details of this process.

Time After Certification Expiration – select the amount of time following this access review expiration date that IdentityIQ should wait before attempting to automatically close it.

Closing Rule – select the rule that IdentityIQ runs at the beginning of the automatic closing process.

Action Taken On Undecided Items – the action that IdentityIQ assigns to any undecided items when automatically closing this access review. Choose from Approve, Revoke, or Allow Exception.

Comments – input the comments that IdentityIQ adds to any undecided items when automatically closing this access review.

Signer – select the identity who signs off on automatically closed access reviews. This setting is only configurable at the system setup level. Individuals who are scheduling certifications cannot define the signer.