An audit can be considered as a project with a start date and end date. We might want to audit or certify multiple items using an audit. For example, in a Q1 audit you might want to certify, an external partner, identify as well as a member of certain high-risk management roles. These items are specified in one or more recertification policies. As a project might have multiple deliverables an audit can have multiple recertification policies associated with it. We can create recertification policies of different types in the EmpowerID system, and these policies are reusable.
Recertification policies are policies that you add to audits to generate recertification review tasks for the access assignments given to people, roles, groups, and Query-Based collections. The group membership recertification policy is used to certify group membership, including user and nested groups. Possible decisions are: certify, revoke or convert to just-in-time membership(pre-approved)The group membership recertification policy is used to certify group membership, including person resources for RBAC membership, group account, nested groups, and any type of direct assignment. For the recertification, an audit is created, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests based on the object itself. Therefore in this case the group is the bundle for the business request and its members are items.
The possible decisions are generally set to certify or revoke the member. However, these possible decisions are configurable. This configuration is described under decision configuration at the end of this page. In this post, we will create a group membership type recertification policy and add a target to it.
...