Configure data to review using templates

Templates are the first step in certifying access for users.

Templates are the underlying configurations of certifying access and define the data to review, who is responsible for the review, and when the data needs to be reviewed (on a periodic or ad hoc basis).

Often, organizations need to review the same data multiple times a year to ensure access is accurate. Templates make the certification process easier by saving the configuration settings used in the data review process.

Manage (create, duplicate, edit, or delete) templates on the Templates tab and schedule each campaign to run at a specific interval (if desired).

You can run templates on an ad-hoc or scheduled basis.

View saved templates

To view saved templates, from the Identity Cloud admin UI, click Certification > Templates tab. The page displays saved templates.

Field	Description
Name	The name of the template.
Next run date	A date displays when the template is configured to run according to a schedule. If the template runs ad-hoc, then (None Scheduled) displays.
Status	A template can be in one of the following states: Creating: The template is created in the background. This is a temporary state. Unused: The template is not part of a campaign. In this state, you can edit/modify the template. Active: The template is turned into a campaign. In this state, you can view the template details, but you can’t edit/modify it. The general sequence of states are Creating → Unused → Active.

Field

Description

Name

The name of the template.

Next run date

A date displays when the template is configured to run according to a schedule. If the template runs ad-hoc, then (None Scheduled) displays.

Status

A template can be in one of the following states:

Creating: The template is created in the background. This is a temporary state.
Unused: The template is not part of a campaign. In this state, you can edit/modify the template.
Active: The template is turned into a campaign. In this state, you can view the template details, but you can’t edit/modify it.

The general sequence of states are Creating → Unused → Active.

Which certification template to choose?

Identity Governance provides various certification templates to choose from. The underlying business objective you want to achieve determines which template type you choose.

Refer to the following table when determining which template type to choose:

Scenario	Identity certification	Entitlement assignment certification	Notes
You want to review the applications and entitlements a user has access to. The primary certifier (reviewer) of the certification should be users managers.			Not every user has entitlements. If you want to review the applications users have access to, and include those users who don’t have entitlements, choose the identity certification.
You want to review the specific entitlements assigned to users in onboarded target applications for accuracy. The primary certifier of the certification should be entitlement owners.			The entitlement assignment certification is the best choice in this scenario. It provides entitlement owners the ability to review the access users have to their entitlements.

Scenario

Identity certification

Entitlement assignment certification

Notes

You want to review the applications and entitlements a user has access to. The primary certifier (reviewer) of the certification should be users managers.

Not every user has entitlements. If you want to review the applications users have access to, and include those users who don’t have entitlements, choose the identity certification.

You want to review the specific entitlements assigned to users in onboarded target applications for accuracy. The primary certifier of the certification should be entitlement owners.

The entitlement assignment certification is the best choice in this scenario. It provides entitlement owners the ability to review the access users have to their entitlements.

Create templates

Before you create a template, consider creating custom governance glossary attributes to enhance the data for onboarded target applications, entitlements, or roles. This will assist with template filtering and business decisions.

To create a template:

Navigate to the Certification > Templates tab.
Click + New Template.
Select the template type:
- Identity certification - Review and certify user accounts, entitlements, and access a user has on some or applications. Primary reviewers are the users' managers, a single user, or users assigned to a role.
- Entitlement assignment certification - Review and certify entitlements and the users who have access to entitlements in onboarded target applications. Primary reviewers are entitlement owners, a single user, or users assigned to a role.
Click Next.

To continue setting up the template you select, click on the preceding links in step 3.

Modify templates

You can modify various template items:

From the Identity Cloud admin UI, go to Certification > Template tab.

Locate the template and click the ellipsis (...) to perform various actions:

To view additional templates, click the caret icons at the bottom of the table.

Field	Description
Duplicate	Duplicate the template details to create a new template, and edit/modify as needed. The characters (copy) are appended to the newly duplicated template.
View Details	This option displays if the template has been run at least once. It provides a read-only view into the configurations on the template. After you run a template, you can’t change the configuration settings.
Edit Template	This option displays if you create the template, but never run it to create a campaign. In this case, you can edit/modify the template configuration.

Field

Description

Duplicate

Duplicate the template details to create a new template, and edit/modify as needed. The characters (copy) are appended to the newly duplicated template.

View Details

This option displays if the template has been run at least once. It provides a read-only view into the configurations on the template. After you run a template, you can’t change the configuration settings.

Edit Template

This option displays if you create the template, but never run it to create a campaign. In this case, you can edit/modify the template configuration.

Activate templates

Activate a template to kick off the review process (a campaign).

You can activate a template by:

Creating a schedule when you define the template.
Adding a schedule to the template after you define the template.
Running the template on an ad-hoc basis.

To activate a template:

From the Identity Cloud admin UI, go to Certification > Template tab.

Locate the template and click to perform various actions:

To view additional templates, click the caret icons at the bottom of the table.

Action

Field

Run Now

This activates the template and kicks off the review process (campaign). When selected, the active campaign displays in the Campaigns tab.

When you create a template, if you select Run on a schedule under the When to Certify section. The campaign runs on the set schedule and display on the Campaigns tab at the specified interval.

Schedule Campaign

This option displays if you did not configure a schedule when creating the template. This creates a run schedule for the template.

Edit Schedule

This option displays if you did configure a schedule when creating the template, but you would like to modify the existing schedule.

Delete a template

To delete an existing template:

From the Identity Cloud admin UI, go to Certification > Template tab.
Locate the template, click , and click Delete. This action cannot be undone.

You can only delete templates in the Creating or Unused states. This action cannot be undone.