Identity Cloud

Certify access

In Identity Governance, certifying access means reviewing the data and access a user has, such as access to applications, the accounts in those applications, and more.

Steps to certify access

To certify access for users, you must:

  1. Create templates — Allows you to configure the data you want to certify.

  2. Run campaigns — After you create a template and are ready to kick off the review process, create a campaign.

  3. Certify data and access by end users — After you start a campaign, the template-defined end users (certifiers) receive notifications to review the data. The certifiers' review of the data is referred to as an access review.

Certifications tab

Certifications and related features can be found by selecting Certification from the left navigation bar in the Identity Cloud admin UI.

Three tabs display under Certification:

Overview tab

To access the Overview tab, from the Identity Cloud admin UI, go to Certification > Overview.

governance overview tab

The Overview landing page displays various metrics that allow you to view items such as campaign status, active reviews, and campaigns by type.

You can hover your cursor over the charts to view the data details.

Data Element Description

Active Campaigns

The number of campaigns currently in progress.

Expiring Campaigns

The number of campaigns that expire in the next two weeks.

Active Reviews

The total amount of line items in access reviews that are in progress. A line item is a record for a certifier to review. For example, the user Barbara Jensen’s record that details their access to a particular application is a line item.

Campaigns By Type

A breakdown of the varying types of certifications.

Campaigns By Status

A breakdown of certifications by status.

access review History

The number of line items certified versus revoked from campaigns.

Example of certifying access

As an example of certifying access, let’s say you want to know what applications a specific user, Barbara Jenson, has access to. You may want to do this for a couple of reasons; increasing your organization’s security landscape by ensuring users have accurate, appropriate access, or to comply with organizational, industry, or governmental policies. Barbara Jensen has an account and access to an application, called App A.

With Identity Governance, perform the following actions to achieve this:

  • Configure and assign end users (certifiers) in your organization to review Barbara’s access to App A using templates.

  • Kick off the data review using campaigns. Campaigns are the active processes, where certifiers review the data. In this case, it is Barbara’s data. Certifiers are assigned to review the data in a campaign.

  • Certifiers review Barbara’s data and either certify (allow) or revoke (remove) the access to App A.

Copyright © 2010-2024 ForgeRock, all rights reserved.