Skip to content

Creating and Managing Governance Groups

A governance group is a group of users that can make governance decisions. Currently, these decisions center around access requests. If your site has enabled the Access Requests module for IdentityNow, you might sometimes be asked to review users' access. A governance group can determine whether the access level is appropriate for the user requesting that access.

Before reviewing access, a governance group must be configured and have members. The group structure provides both control over who will see the request and flexibility beyond a single reviewer. When it's a group's turn to review an access request, everyone in the governance group will receive the access request, and only one member of the group needs to approve or revoke it.

Creating a Governance Group

You'll need to create the group first, before you can start adding members to it and using the group to manage access.

Prerequisites

Complete the following steps:

  1. Sign in to IdentityNow and go to Admin > Identities > Governance Groups.

  2. Click the New button above the list of governance groups.

    You will be taken to the Config tab of the governance group editor.

  3. Enter a Name, Description and Owner for the group.

    All fields in the Config tab are required. The Responsibilities field is static content as all governance groups can only be used for access requests at this time.

  4. Select Save.

    Your group will now be visible in the list on the Governance Groups page.

Note

If you need to delete one or several of the governance groups you've created, you can do so by clicking the checkbox next to each group you want to delete, or by clicking the bulk delete icon above the list.

Now that you have created a governance group, you can add members of your organization to it.

Managing Governance Groups

After you create a governance group, you need to manually add the appropriate members of your organization to it.

To manage governance groups, complete the following:

  1. Sign in to IdentityNow and go to Admin > Identities > Governance Groups.

  2. Select the Governance Group you want to add members to or create a new one.

  3. Select the Membership tab.

  4. Under Add Identity, type in the name of the identity you wish to add. Select their name from the list that appears.

    The name will appear under Identities. They are now a member of your governance group. You can add as many members as you want.

    To remove members, click the x icon in the row with their name.

  5. Select Save. Your governance group can now review access.

When your group is selected as the approver for an access profile, that access profile becomes visible in the Associations tab.

Notes

  • Governance groups don't update automatically when the lifecycle state for an identity changes from active to inactive, or when an identity is disabled. You will need to keep track of the identities in your group to make sure the right members are governing the right access.

  • If only one active identity remains in the governance group, they become the approver and will receive all requests and notifications for that group.

  • If a governance group is empty, any approvals for that group will be routed to the Org Admin.

Now that you’ve finished adding members to the governance group, the last step is to associate the group with a specific source.

Associating a Governance Group with a Source

After you’ve finished adding members to the governance group, you need to associate the group with the source they will be responsible for governing access for.

To take advantage of IdentityNow's scoped access, you can associate a source with a governance group and grant select users a sub-admin user level. Sub-admins can perform some actions only on the sources associated with the governance groups they are members of. The source and the user receiving the sub-admin user level must both be associated with the governance group.

Complete the following steps to associate a source with a governance group.

  1. Sign in to IdentityNow and go to Admin > Connections> Sources.

  2. Select the source you would like to associate with a governance group.

  3. On the Config tab, under Governance Group for Source Management (Optional), select the governance group you want to associate with the source.

  4. Select Save.

For more information about sub-admin user levels, see: