A recertification policy contains actions to ensure that users submit an assurance that they have a genuine, continuous need for a particular resource or membership. As a project might have multiple deliverables, a recertification audit can have multiple recertification policies associated with it. We can create recertification policies of different types in the EmpowerID system, and these policies which are reusable. For example, in an audit we might want to certify , an external partner , identify as well as and a member of certain high-risk management roles in an audit. These items are specified in one or more recertification policies and later added to the same audit.
Recertification Policies are snapshots of data that reveal the access to resources granted to people and to roles, the assignments of people to roles, and the security assignments that have been made against protected resources like Exchange mailboxes, applications, and groups. These snapshots are routed for review to authorized personnel such as managers, role owners, or data owners. The review process allows the reviewer to verify the access and certify whether it is valid. Internal processes can use this data to remediate and rectify exceptions or certify the exceptions as permitted.
Please follow the instructions below to create a recertification policy
Create a Recertification Policy
Log in to the EmpowerID
...
.
On the navbar, expand Compliance and select Recertification.
On the Recertification page, select the Recertification Policies tab and then click + icon to create an audit.
Click + icon to create a new recertification
...
policy.
In the Policy Details form that appears, click the Policy Type drop-down and select from the options
...
. EmpowerID provides different policy types that define data snapshots for a particular resource type. More information about the policy types is covered here in the doc Recertification Policy Types.
Fill in the Name, Display Name, and Description fields.
Select Enabled to enable the policy.
Click Save.
...
After EmpowerID creates the policy, a Target grid appears on the policy details page. This grid allows you to add and remove recertification targets to and from the policy. Recertification targets will enable you to scope the recertification policy to the specific IT objects you want to audit. Multiple EmpowerID actor types can include people, roles, locations, groups, and query-based collections (SetGroup).
...