Working with certifications
To be successful and secure within your organization, you need to know who has access to what and whether that access is correct. You can review this access through certifications. Certifications allow you to review your users' roles, access profiles, entitlements, and apps to keep your organization safe and secure.
Reviewing certifications
When your administrator creates a certification campaign containing access items or identities (users) you're responsible for, you'll receive a notification that certifications are ready for your review. You can review your active certifications by identities or access items.
To review certifications
-
From the navigation menu, select Certifications.
-
In the Active tab, select the certification you want to work on.
-
Review the certification by identity or access items:
-
Identities: From the list of identities, select the identity you want to certify. You'll see a list of access items for that user. Select an access item to view its details.
-
Access items: Select the View as Access toggle at the top of the page. From the list on the left, choose either Roles, Access Profiles, or Entitlements to see a list of pending access items for that category. You can select the toggle to switch back to View as Identity at any time.
-
-
In each section, beside each access item, select Approve (
) to approve access or Revoke (
) to revoke access. You can leave comments with your decision or select a revocation date for the access by selecting the Options menu (
). In the new window, enter the revocation date or any comments about the certification and select Submit.
-
When you have certified each user and the campaign is ready for sign-off, select the banner at the top of the page.
-
Select Complete Certification to mark the certification as complete.
The certification moves to the Completed tab where you can view all your completed certification campaigns.
You can update a decision after the certification is completed by selecting the Options menu (). Here, you can add or modify a revocation date, add additional comments, or change your decision.
Access flags
When you review an access item for a certification, you may see an icon under the Flags column. This icon alerts you of any information you should consider when approving access. You may encounter the following flags:
Name | Icon | Definition |
---|---|---|
New Access | ![]() |
The access has not been certified previously. |
Privileged Access | ![]() |
The user has access to more sensitive data. Admin, payroll, and HR are just a few examples of privileged access. |
Birthright Access | ![]() |
The access has been granted by automated rules, such as lifecycle states. |
Comments | ![]() |
There are comments associated with this access. |
Timebound Access | ![]() |
The access has a set end date. |
Reassigning certifications
Sometimes, you may need to reassign certifications to other users. You may be going on vacation and will be out of office or maybe someone is better suited for that approval. In any case, you can reassign your certifications to ensure users get access to the data and applications they need.
On the Certifications page, you can review and reassign certifications by users, known as identities, or by access items.
To reassign a certification
-
From the navigation menu, select Certifications.
-
Select the active certification you want to reassign.
-
Choose how you want to reassign the certification:
-
By Identity – From the list of users, select the check box for the new assignee and select Reassign. You can also reassign the certification to multiple users.
-
By Access Item – Select the View as Access toggle at the top of the screen. From the list on the left, choose either Roles, Access Profiles, or Entitlements to see a list of access items for that category. In the Identities tab, select the identity related to the access item you want to reassign. Select the Options menu (
) in the Decision column and then select Reassign.
Note
If you reassign an item in the Identities tab, you are only reassigning that specific access item. Select the View as Identity toggle to reassign the entire identity.
-
-
In the Reassign window, type or select the name of the reviewer you want to reassign the certification to.
-
In the Add Comments field, enter any comments about the reassignment.
Best practice
Include your name as well as the reason for the reassignment. The new reviewer may need to contact you with questions.
-
Select Reassign.
Repeat these steps for any additional users you want to reassign.
Reviewers will receive an email about the reassignment and can see the certification in their list of active certifications.