• Admin

• Reviewer

• Modify User Attributes (Department, Job, Company, Manager)

• Execution of Schedule Jobs

• Attributes modified in IDM for User Transfer Certification

Success

• Certify task created

Fail

• Failed to generate Certification tasks

Process Flow Steps of certification on user transfer

• Modify attributes like Department, Job, Company, Manager in IDM
• After modification, generate an event and run the user certification scheduled job
• Schedule job pick the event and process it to certify
• Create certification task and assign to the reviewer

• Admin

• Reviewer

• Inbox Management page opened

• Attributes modified in IDM for User Transfer Certification

Success

• Options in Inbox Management present

Fail

• Options in Inbox Management not present

Inbox Management:

• User vi option to Certify, Revoke and Reassign the certification task
• IDM sends a notification to the manager and proxy\delegate for task completion
• IDM provides an option for the Certification Administrator to send an ad-hoc notification for task completion
• IDM provides a bulk select option to act on multiple certification task at a time

• Reviewer

• Task is performed

• Certification task present in the system that needs action

Success

• Task certified and Signed Off

Fail

• Task unable to certify or sign off

Certify Task:

• The user selects 'Certify' to provide certification to the requester
• IDM sends a notification to end-user
• The user selects 'Sign off' on the task to remove from Inbox

• Reviewer

• Task is performed

• Certification task present in the system that needs action

Success

• Certify events after being Revoked by Reviewer

Fail

• Failed to generate Certification tasks

Revoke Task:

• The user selects 'Revoke' to deny access to the requester
• IDM sends a notification to end-user
• The user selects 'Sign off' on the task to remove from Inbox
• IDM triggers closed-loop remediation in which automatically access privileges for accounts, roles, and entitlements following certification review are revoked.

• Reviewer

• Task is performed

• Certification task present in the system that needs action

Success

• Do not certify events after being reassigned by Reviewer

Fail

• Task certified after reassigning

Re-assign Task:

• The user selects 'Reassign' to change the certifier
• IDM sends a notification to a user or group of users selected for the reassigned task

• IDM

• The task is not performed

• Certification task present in the system that needs action

Success

• Task expired after the designated period

Fail

• Task not expired

Expired Task:

• User does not change task status for a designated period
• IDM expires the task
• IDM notifies the Certifier
• IDM provides configuration to remove user account as a certifiable item

The Management Console allows IDM Administrators and Power Users to create, define, and configure rules for certification of applications, roles, accounts, and entitlements.

• IDM

• Management Admin Console

• Certification rules, schedules are invoked

• User has permission in Admin Console

Success

• Certification rules able to modify

Fail

• Certification rules unable to modify

The basic idea is explained as follows:

• The user enters the Admin Console
• Use clicks on Certification option
• Option to create, define and configure rules for certification of applications, roles, accounts, and entitlements is present
• Each certification definition specifies users and\or user groups, as well as roles and entitlements that the certification applies to, the Application Instance, and the Reviewer(s) for the certification.