Skip to content

Working with certifications

To be successful and secure within your organization, you need to know who has access to what and whether that access is correct. You can review this access through certifications. Certifications allow you to review your users' roles, access profiles, entitlements, and apps to keep your organization safe and secure.

Reviewing certifications

When your administrator creates a certification campaign containing access items or identities (users) you're responsible for, you'll receive a notification that certifications are ready for your review. You can review your active certifications by identities or access items.

To review certifications

  1. From the navigation menu, select Certifications.

  2. In the Active tab, select the certification you want to work on.

  3. Review the certification by identity or access items:

    • Identities: From the list of identities, select the identity you want to certify. You'll see a list of access items for that user. Select an access item to view its details.

    • Access items: Select the View as Access toggle at the top of the page. From the list on the left, choose either Roles, Access Profiles, or Entitlements to see a list of pending access items for that category. You can select the toggle to switch back to View as Identity at any time.

  4. In each section, beside each access item, select Approve (Approve icon) to approve access or Revoke (Revoke icon) to revoke access. You can leave comments with your decision or select a revocation date for the access by selecting the Options menu (Options icon). In the new window, enter the revocation date or any comments about the certification and select Submit.

    If your organization has SailPoint's Recommendations service, you can use the recommendations to help guide your decision-making process.

  5. When you have certified each user and the campaign is ready for sign-off, select the banner at the top of the page.

  6. Select Complete Certification to mark the certification as complete.

The certification moves to the Completed tab where you can view all your completed certification campaigns.

You can update a decision after the certification is completed by selecting the Options menu (Options icon). Here, you can add or modify a revocation date, add additional comments, or change your decision.

Access flags

When you review an access item for a certification, you may see an icon under the Flags column. This icon alerts you of any information you should consider when approving access. You may encounter the following flags:

Name Icon Definition
New Access New Access icon The access has not been certified previously.
Privileged Access Privileged Access icon The user has access to more sensitive data. Admin, payroll, and HR are just a few examples of privileged access.
Birthright Access Birthright Access icon The access has been granted by automated rules, such as lifecycle states.
Comments Comments icon There are comments associated with this access.
Timebound Access Comments icon The access has a set end date.

Reassigning certifications

Sometimes, you may need to reassign certifications to other users. You may be going on vacation and will be out of office or maybe someone is better suited for that approval. In any case, you can reassign your certifications to ensure users get access to the data and applications they need.

On the Certifications page, you can review and reassign certifications by users, known as identities, or by access items.

To reassign a certification

  1. From the navigation menu, select Certifications.

  2. Select the active certification you want to reassign.

  3. Choose how you want to reassign the certification:

    • By Identity – From the list of users, select the check box for the new assignee and select Reassign. You can also reassign the certification to multiple users.

    • By Access Item – Select the View as Access toggle at the top of the screen. From the list on the left, choose either Roles, Access Profiles, or Entitlements to see a list of access items for that category. In the Identities tab, select the identity related to the access item you want to reassign. Select the Options menu (Options icon) in the Decision column and then select Reassign.

    Note

    If you reassign an item in the Identities tab, you are only reassigning that specific access item. Select the View as Identity toggle to reassign the entire identity.

  4. In the Reassign window, type or select the name of the reviewer you want to reassign the certification to.

  5. In the Add Comments field, enter any comments about the reassignment.

    Best practice

    Include your name as well as the reason for the reassignment. The new reviewer may need to contact you with questions.

  6. Select Reassign.

Repeat these steps for any additional users you want to reassign.

Reviewers will receive an email about the reassignment and can see the certification in their list of active certifications.