Identity Cloud

Review access for users

In Identity Governance, an access certification is the process of reviewing access for users. This includes various types of certifying, or validating, such as access to applications, the accounts in those applications, and more.

Steps for access certifications.
Figure 1. Review access for users (access certification) steps

To review data and approve or deny access you:

  • Create templates: Create templates to define the data to review, who is responsible for the review, and when the data needs to be reviewed (on a periodic or ad hoc basis). Often, organizations need to review the same data multiple times a year to ensure access is accurate. Templates make this process easier by providing saved templates.

  • Run campaigns: Campaigns are a process that runs when a template is run. When a campaign runs, it uses an existing template and the configurations of the template.

  • Certify access: When a campaign runs, tasks are assigned to one or more end users or certifiers. The template defines the tasks the certifier is responsible for. As an end user, review and complete the tasks assigned to you.

Certifications and related features can be found by selecting Certification from the left navigation bar in the Identity Cloud admin UI.

Three tabs display under Certification:

Overview tab

To access the Overview tab, from the Identity Cloud admin UI, go to Certification > Overview.

Administration overview tab for Identity Governance.
Figure 2. Certification overview tab

The Overview landing page displays various metrics that allow you to view items such as campaign status, active reviews, and campaigns by type. This page includes the following charts.

You can hover your cursor over the charts to view the data details.

Table 1. Identity Governance overview metrics
Data Element Description

Active Campaigns

The number of campaigns currently in progress.

Expiring Campaigns

The number of campaigns that expire in the next two weeks.

Active Reviews

The total amount of line-items in access reviews that are in progress. A line-item is a record for a certifier to review. For example, the user Barbara Jensen’s record that details their access to a particular application is a line-item.

Campaigns By Type

A breakdown of the varying types of certifications.

Campaigns By Status

A breakdown of all certifications by status.

Access Review History

The number of line-items certified versus revoked from all campaigns.
Copyright © 2010-2023 ForgeRock, all rights reserved.