Certification is the process of reviewing user roles, accounts, and entitlements and asserting their validity.

Certification is required for applications and systems across all operating companies. Managers and application owners of certifiable applications, roles, and entitlements are required to review access for direct reports.

Use Case

Certification Process - User Transfer

Use Case

Certification Process - User Transfer

Brief Description

Certification definitions are named sets of parameters configured in the IDM System Admin console to schedule certification review tasks for users, user groups, roles, entitlements, and accounts. Certification jobs are created and scheduled to run the certification definitions.
Catalog items can be marked as Certifiable under the Detailed Information section for the catalog item by IDM Administrators during the Application Onboarding process.
Users are selected as the Certifier for catalog items (Roles, Entitlements, and Accounts) during the Application Onboarding process, or through the certification definition selected under the primary reviewer.

Actors

  • Admin

  • Reviewer

Trigger Events

  • Modify User Attributes (Department, Job, Company, Manager)

  • Execution of Scheduled Jobs

Preconditions

  • Attributes modified in IDM for User Transfer Certification

Post-Conditions

Success

  • Certify task created

Fail

  • Failed to generate Certification tasks

Basic Flow

Process flow steps for certification on user transfer:

  • Modify attributes such as Department, Job, Company, or Manager in IDM
  • After modification, generate an event and run the user certification scheduled job
  • The scheduled job picks up the event and processes it for certification
  • Create certification task and assign to the reviewer
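The flow above, sketched as an added example (not code from the IDM product). All names are hypothetical, and the choice of the user's current manager as reviewer is an assumption. Two transfer events queued for one user before the job runs are merged into one task per held item.

```python
from dataclasses import dataclass

# Attribute changes that count as a transfer (the trigger events listed above).
TRANSFER_ATTRS = {"department", "job", "company", "manager"}

@dataclass
class User:
    login: str
    attrs: dict
    access: list  # certifiable items held (constructed names)

def modify_user(user, updates, queue):
    """Apply updates; queue one event if a transfer attribute really changed."""
    changed = sorted(k for k, v in updates.items()
                     if k in TRANSFER_ATTRS and user.attrs.get(k) != v)
    user.attrs.update(updates)
    if changed:
        queue.append({"login": user.login, "changed": changed})
    return changed

def run_certification_job(queue, directory):
    """Scheduled job: drain queued events, one open task per (user, item)."""
    tasks = {}
    while queue:
        event = queue.pop(0)
        user = directory[event["login"]]
        reviewer = user.attrs["manager"]  # assumption: the current manager reviews
        for item in user.access:
            task = tasks.setdefault((user.login, item), {
                "user": user.login, "item": item, "reviewer": reviewer,
                "status": "OPEN", "reason": set()})
            task["reason"].update(event["changed"])
    return list(tasks.values())

def demo():
    # Constructed sample data.
    jdoe = User("jdoe", {"department": "Finance", "manager": "mgr_a",
                         "phone": "x100"}, ["AP_Approver", "VPN"])
    directory, queue = {"jdoe": jdoe}, []
    modify_user(jdoe, {"phone": "x200"}, queue)          # not a transfer attribute
    modify_user(jdoe, {"department": "Finance"}, queue)  # value unchanged
    modify_user(jdoe, {"department": "Sales"}, queue)    # transfer event 1
    modify_user(jdoe, {"manager": "mgr_b"}, queue)       # transfer event 2
    return run_certification_job(queue, directory), len(queue)
```
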


Certification Process - Inbox Management

Use Case

Certification Process - Inbox Management

Brief Description

The certification process can be performed through self-service via the Inbox Management process, within which multiple tasks can be performed.

Actors

  • Admin

  • Reviewer

Trigger Events

  • Inbox Management page opened

Preconditions

  • Attributes modified in IDM for User Transfer Certification

Post-Conditions

Success

  • Options in Inbox Management present

Fail

  • Options in Inbox Management not present

Basic Flow

Inbox Management:

  • The user has the option to Certify, Revoke, and Reassign the certification task
  • IDM sends a notification to the manager and proxy/delegate for task completion
  • IDM provides an option for the Certification Administrator to send an ad-hoc notification for task completion
  • IDM provides a bulk select option to act on multiple certification tasks at a time

Certify Certification Task

Use Case

Certify Certification Task

Brief Description

Tasks can have multiple actions that can be performed. Certifying is one of them.

Actors

  • Reviewer

Trigger Events

  • Task is performed

Preconditions

  • Certification task present in the system that needs action

Post-Conditions

Success

  • Task certified and Signed Off

Fail

  • Task unable to certify or sign off

Basic Flow

Certify Task:

  • The user selects 'Certify' to provide certification to the requester
  • IDM sends a notification to the end user
  • The user selects 'Sign off' on the task to remove from Inbox

Revoke Certification Task

Use Case

Revoke Certification Task

Brief Description

Tasks can have multiple actions that can be performed. Revoking is one of them.

Actors

  • Reviewer

Trigger Events

  • Task is performed

Preconditions

  • Certification task present in the system that needs action

Post-Conditions

Success

  • Certify events after being Revoked by Reviewer

Fail

  • Failed to generate Certification tasks

Basic Flow

Revoke Task:

  • The user selects 'Revoke' to deny access to the requester
  • IDM sends a notification to the end user
  • The user selects 'Sign off' on the task to remove it from the Inbox
  • IDM triggers closed-loop remediation, in which access privileges for accounts, roles, and entitlements are automatically revoked following the certification review.

Reassign Certification Task

Use Case

Reassign Certification Task

Brief Description

Tasks can have multiple actions that can be performed. Reassigning is one of them.

Actors

  • Reviewer

Trigger Events

  • Task is performed

Preconditions

  • Certification task present in the system that needs action

Post-Conditions

Success

  • Do not certify events after being reassigned by Reviewer

Fail

  • Task certified after reassigning

Basic Flow

Re-assign Task:

  • The user selects 'Reassign' to change the certifier
  • IDM sends a notification to a user or group of users selected for the reassigned task

Certification Task Expired

Use Case

Certification Task Expired

Brief Description

When the certification task is not performed for a certain time period, the task expires.

Actors

  • IDM

Trigger Events

  • The task is not performed

Preconditions

  • Certification task present in the system that needs action

Post-Conditions

Success

  • Task expired after the designated period

Fail

  • Task not expired

Basic Flow

Expired Task:

  • User does not change task status for a designated period
  • IDM expires the task
  • IDM notifies the Certifier
  • IDM provides configuration to remove user account as a certifiable item
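The Certify, Revoke, Reassign and Expired flows above, modelled as one task state machine. This is an added example, not IDM's own code: the class, status names and 14-day window are assumptions. It shows that only the assigned reviewer can act, that a reassigned task carries no prior decision, and that access is removed only when a Revoke is signed off.

```python
from datetime import datetime, timedelta

class CertTask:
    """Hypothetical model of one certification task (not IDM's API)."""
    def __init__(self, user, item, reviewer, created, ttl_days=14):
        self.user, self.item, self.reviewer = user, item, reviewer
        self.due = created + timedelta(days=ttl_days)  # assumed review window
        self.status, self.decision, self.notices = "OPEN", None, []

    def _check(self, actor):
        if self.status != "OPEN":
            raise ValueError(f"task is {self.status}")
        if actor != self.reviewer:
            raise PermissionError(f"{actor} is not the assigned reviewer")

    def decide(self, actor, decision):  # reviewer picks 'CERTIFY' or 'REVOKE'
        self._check(actor)
        if decision not in ("CERTIFY", "REVOKE"):
            raise ValueError(decision)
        self.decision = decision
        self.notices.append((self.user, decision))  # notify the end user

    def reassign(self, actor, new_reviewer):
        self._check(actor)
        self.reviewer, self.decision = new_reviewer, None  # drop prior decision
        self.notices.append((new_reviewer, "REASSIGNED"))

    def sign_off(self, actor, access):
        self._check(actor)
        if self.decision is None:
            raise ValueError("no decision to sign off")
        self.status = "SIGNED_OFF"
        if self.decision == "REVOKE":  # closed-loop remediation
            access[self.user].discard(self.item)

    def expire_if_due(self, now):
        if self.status == "OPEN" and now >= self.due:
            self.status = "EXPIRED"
            self.notices.append((self.reviewer, "EXPIRED"))  # notify certifier
        return self.status

def demo():
    t0 = datetime(2024, 1, 1)  # constructed sample data
    access = {"jdoe": {"AP_Approver", "VPN"}}
    task = CertTask("jdoe", "AP_Approver", "mgr_a", t0)
    task.reassign("mgr_a", "mgr_b")
    task.decide("mgr_b", "REVOKE")
    task.sign_off("mgr_b", access)
    stale = CertTask("jdoe", "VPN", "mgr_b", t0)
    return access["jdoe"], task.status, stale.expire_if_due(t0 + timedelta(days=15))
```
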


Certification and Policy Administration

Use Case

Certification and Policy Administration
Brief Description

The Management Console allows IDM Administrators and Power Users to create, define, and configure rules for certification of applications, roles, accounts, and entitlements.

Actors

  • IDM

  • Management Admin Console

Trigger Events

  • Certification rules and schedules are invoked

Preconditions

  • User has permission in Admin Console

Post-Conditions

Success

  • Certification rules can be modified

Fail

  • Certification rules cannot be modified

Basic Flow

The basic idea is explained as follows:

  • The user enters the Admin Console
  • The user clicks on the Certification option
  • An option to create, define, and configure rules for certification of applications, roles, accounts, and entitlements is present
  • Each certification definition specifies users and/or user groups, as well as roles and entitlements that the certification applies to, the Application Instance, and the Reviewer(s) for the certification.



Process Flow Diagram

The diagram below shows the process activities of certification on user transfer

The diagram below shows the process activities of certification triggered after the scheduled job