The review of user access rights to see if they are proper and correspond to the organization's internal rules and compliance standards is known as access recertification audit.
An audit can be considered as a project with an a start date and end date. We might want to audit or certify multiple items using an audit. For example, in a Q1 audit you might want to certify, an external partner, identify as well as a member of certain high-risk management roles. These items are specified in one or more recertification policies. As a project might have multiple deliverables an audit can have multiple recertification policies associated with it. We can create recertification policies of different types in the EmpowerID system and these policies are reusable.
The group membership recertification policy is used to certify group membership, including Person person resources for RBAC membership, group account, nested groups, and any of the type of direct assignmentsassignment. For the recertification, an audit is created, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests based on the object itself. Therefore in this case the group is the bundle for the business request and its members are items.In EmpowerID, an audit is a logically named user-defined object for identifying or grouping recertification tasks and running the recertification policies that generate them. After creating an audit, you can add one or more recertification policies to it. When the audit runs, it creates a recertification task for each item in the policy. Group membership recertification policy is used to certify group membership, including user and nested groups. We will create an audit and add a group membership type recertification policy.
Pre-requisite for recertification policies, audit compilation and fulfilment of business requests.
...