Skip to content

Certifications Overview

In order to be successful and secure within your organization, you need to know who has access to what and whether that access is correct. The Certifications service allows you to keep track of what your users can or can't access and monitors the risk factor of each user to ensure everyone has the access they need to work successfully.

Each round of reviews is called a certification campaign. Certifications are designed to keep your organization secure and successful by:

  • Reducing the risk of inappropriate access - Limit your risk of exposure by ensuring that the right users are accessing the right things.

  • Helping your company satisfy audit requirements - Easily meet and exceed regulatory standards by providing visibility into who has access to what.

  • Monitoring reviewers' decisions - IdentityNow tracks and reports all access-granting and revoking decisions.

Getting Started

To get started with Certifications, you'll first need to configure the basics. After your foundation data is set up, in order to start any type of certification campaign, you'll also need to:

  • Load accounts and entitlements from the direct connect or flat file source you want to certify.

  • Create access profiles and assign them to applications.

  • Be sure the names and descriptions of your access profiles and entitlements are descriptive and easy to understand for reviewers.

If you are certifying entitlements on a direct connect source, be aware of your company's preferred method for revoking access and meet the related prerequisites:

  • Automated Revocations - By default, IdentityNow automatically removes entitlements for direct connect sources after the reviewer revokes those items on a user's certification and then signs off of the system. To support the default behavior for sources that require IQService, ensure that you have IQService installed and configured correctly.

  • Manual Revocations - Direct connect sources can be configured to generate tasks that remind people to remove entitlements when they are revoked. To support this behavior, you need to request assistance from Expert Services so that the sources can be configured to generate these tasks. You will also not install IQService for sources that would normally require it. For more information, see Manual Remediation.