Creating and Managing Governance Groups

A governance group is a group of users that can make governance decisions about access. If your organization has the Access Request or Certifications service, you can configure governance groups to review access requests or certifications. A governance group can determine whether specific access is appropriate for a user.

Before reviewing access, a governance group must be configured and have members. Governance groups provide control over who will review requests and the flexibility for multiple reviewers. When it's a group's turn to review an access request or certification, every user in the governance group will receive a notification. Any member of the group may take the requested action on behalf of the group.

Creating a Governance Group

You'll need to create a governance group before you can use the group to manage access.

Go to Admin > Identities > Governance Groups.
Select the New button above the list of governance groups to configure a new governance group.
In the Config tab, enter a Name, Description, and Owner for the group.

All fields in the Config tab are required. The Responsibilities field is static content as all governance groups are automatically available for use in both access requests and certifications.
Select Save to create the governance group.

Your group will now be visible in the list on the Governance Groups page.

Note

To delete governance groups you've created, select the checkbox next to each group you want to delete and select Delete from the Actions menu .

You can now add members of your organization to the new governance group.

Managing Governance Group Members

After you create a governance group, you need to manually add the appropriate members of your organization to it.

Go to Admin > Identities > Governance Groups.
Select the Governance Group you want to add members to or create a new one.
Select the Membership tab.
Under Add Identity, type the name of the identity you wish to add. Select their name from the list that appears.

The name will appear under Identities. They are now a member of your governance group. You can add as many members as you want.

To remove members, select the X icon in the row with their name.
Select Save to add the members to the governance group.

When your group is selected as the approver for an access profile, that access profile becomes visible in the Associations tab.

Notes

Governance groups don't update automatically when the lifecycle state for an identity changes from active to inactive, or when an identity is disabled. You will need to keep track of the identities in your groups to make sure the right members are governing the right access.
If only one active identity remains in the governance group, they become the approver and will receive all requests and notifications for that group.
If a governance group is empty, any work assigned to that group will be routed to the Org Admin.

Now that you’ve finished adding members to the governance group, you can associate the group with a specific source to use source sub-admins.

Associating a Governance Group with a Source

To take advantage of IdentityNow's scoped access, you can associate a source with a governance group and grant select users a sub-admin user level. Sub-admins can perform some actions only on the sources associated with the governance groups they are members of. The source and the user receiving the sub-admin user level must both be associated with the governance group.

To associate a source with a governance group:

Go to Admin > Connections > Sources.
Select the source you would like to associate with a governance group.
In the Config tab, go to the Governance Group for Source Management (Optional) section. Select the governance group you want to associate with the source.
Select Save to associate the governance group with the source.

For more information about sub-admin user levels, refer to:

Source Admin and Source Sub-Admin User Levels.
Role Admin and Role Sub-Admin User Levels.