An audit can be considered as a project with a start date and end date. We might want to audit or certify multiple items using an audit. For example, in a Q1 audit you might want to certify, an external partner, identify as well as a member of certain high-risk management roles. These items are specified in one or more recertification policies. As a project might have multiple deliverables an audit can have multiple recertification policies associated with it. We can create recertification policies of different types in the EmpowerID system, and these policies are reusable.
Recertification policies are policies that you add to audits to generate recertification review tasks for the access assignments given to people, roles, groups, and Query-Based collections. Group validity recertification policy is to certify whether an account should exist or not. Possible decisions are: certify, disable and delete. The group validity recertification policy is to certify whether a group should exist or not in the group. For the recertification, an audit is created, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests as per the responsible party. For any item being recertified where its responsible party is null, it bundles them all into one business request where the subject of the request is the fall-back assignee. The possible decisions are generally set as certify, disable or delete. However, these decisions are configurable.
In this post, we will create a group validity type recertification policy and add a target to it.
...