...
Type | Purpose | Business Requests & Decisions |
---|---|---|
Account Validity | The Account Validity recertification policy in EmpowerID collects and presents information to recertify the accounts owned by users. Auditors can then review this information and determine whether a user's account is still necessary and should be certified. The responsibility for certifying whether an account should continue to exist is usually assigned to a responsible person, such as a manager, responsible party, or other designated individual. This process helps organizations ensure that only valid accounts exist as per compliance. | The recertification engine groups recertification items into a business request based on the Responsible Party assigned to each item or account. In cases where an account has no Responsible Party assigned, the engine attempts to set the account's Manager as the Responsible Party and groups the recertification items based on it. Lastly, the fallback is grouping the business items by Fallback Group By Assignee: when an account has neither a Responsible Party nor a Manager, the engine groups the accounts into business requests based on the Fallback Group By Assignee. The possible decisions for the business requests generated during the recertification process are certify, disable, or delete. |
Business Role and Location Membership | The purpose of the Business Role and Location Membership recertification policy is to certify whether users' access or membership to a business role and location is still needed for valid business reasons. The responsible person reviews and approves this information via business requests and items. Auditors review the membership information and determine whether a person's membership is still necessary and should be certified. This policy helps organizations ensure that only valid persons are members of the particular Business Role and Location. | For the Business Role and Location Membership policy, the engine bundles the recertification items into business requests based on the object itself. Therefore, in this case, the business role and location are the bundles for the business requests, and its members are items. |
Direct Reports | The Direct Reports recertification policy collects and presents information to recertify managers and their direct reports and to validate whether they are still required for a valid business purpose. The information is presented to the responsible person to certify whether a direct report for a particular manager should exist. Auditors can then review the information about who reports to whom and whether it should be certified. This process helps organizations ensure that each user reports to the right person as per compliance. | For the Direct Reports policy, the engine bundles the recertification items into business requests based on the object itself. Therefore, in this case, the managers are the bundles for the business requests, and the users reporting to the managers are items. |
Group Membership | The group membership recertification policy collects access data to validate whether a group membership for a user is still required for a valid business purpose. This information is reviewed and approved by the responsible person, who decides whether membership should exist. The purpose of the Group Membership policy is to certify users' membership in a group. Auditors review the membership information and determine whether a person's membership is still necessary and should be certified. This policy helps organizations ensure that only valid persons are members of the Group. | The engine bundles the recertification items into business requests based on the object itself. Therefore, in this case, the group is the bundle for the business request, and its members are the items bundled into the request. The possible decisions are generally set to certify or revoke the group membership. |
Group Owner | The Group Owner membership recertification policy collects access data to validate whether an account as a group owner is still required for a valid business purpose. This information is reviewed and approved by the responsible person during an Audit who certifies whether an account should own a group. This policy type allows recertification of the inventoried native owners for groups as assigned in their external systems (e.g. Azure Teams owners). | |
Group Validity | The Group validity recertification policy collects access data to determine whether or not a group is still required. Auditors make a decision about whether a group should exist. | In the case of group validity recertification, the recertification engine bundles the recertification items into business requests as per the responsible party assigned. For any item being recertified where its responsible party is not assigned, it bundles them into one business request as per the fallback assignee. The possible decisions are generally set to certify, disable or delete. |
Management Role Access Assignment | The management role access assignment recertification policy collects data to certify whether access granted to a management role is still required for a valid business purpose. In other words, the management role access recertification policy certifies whether an access grant to the management role should exist. | |
Management Role Membership | The management role membership recertification policy generates recertification data to certify whether a user's membership in a management role is still required for a valid business purpose. | The engine bundles the recertification items into business requests based on the object itself. Therefore in this case the management role is the bundle for the business requests and its members are items. The possible decisions are generally set to certify or revoke the management role membership. |
Management Role Validity | The management role validity recertification policy generates recertification data to certify whether a management role is still required for a valid business purpose. | In the case of Management Role Validity recertification, the recertification engine bundles the recertification items into business requests as per the responsible party assigned. For any item being recertified where its responsible party is not assigned, it bundles them into one business request as per the fallback assignee. The possible decisions for the business requests are generally set as certify, disable or delete. |
Person Access Summary | The person access summary policy validates the person with all types of access assignments currently granted to a Person. This policy recertifies the person's access, the level of access granted, and any special privileges or permissions they may have. The person access summary recertifies | For the person access summary |
Person Validity | The person validity recertification policy determines whether or not the Person object is still required. In other words, the person validity recertification policy certifies whether a Person object should exist in EmpowerID. | The recertification engine groups recertification items into a business request based on the Responsible Party assigned to each item or person. In cases where a person has no Responsible Party assigned, the engine attempts to set the Person’s Manager as the Responsible Party and groups the recertification items based on it. Lastly, the fallback is grouping the business items by Fallback Group By Assignee: when a Person has neither a Responsible Party nor a Manager, the engine groups the person objects into business requests based on the Fallback Group By Assignee. The possible decisions for the business requests are generally set as certify, disable, or delete. |
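
The grouping rules in the table can be sketched as follows. This is an added illustration, not EmpowerID code: the field names (`responsible_party`, `manager`, `object`), the policy-family sets and the sample data are assumptions made for the example.

```python
from collections import defaultdict

# Hypothetical policy families, named after the table rows (not EmpowerID identifiers).
BY_ASSIGNEE_WITH_MANAGER = {"Account Validity", "Person Validity"}
BY_ASSIGNEE = {"Group Validity", "Management Role Validity"}
BY_OBJECT = {"Group Membership", "Management Role Membership",
             "Business Role and Location Membership", "Direct Reports"}


def request_key(policy_type, item, fallback_assignee):
    """Return the key that decides which business request an item lands in."""
    if policy_type in BY_OBJECT:
        # The reviewed object (group, role, manager) is the bundle; members are items.
        return ("object", item["object"])
    if policy_type not in BY_ASSIGNEE_WITH_MANAGER | BY_ASSIGNEE:
        raise ValueError(f"grouping not described for {policy_type!r}")
    if item.get("responsible_party"):
        return ("assignee", item["responsible_party"])
    # Only the account and person validity rows describe the manager step.
    if policy_type in BY_ASSIGNEE_WITH_MANAGER and item.get("manager"):
        return ("assignee", item["manager"])
    return ("assignee", fallback_assignee)


def build_requests(policy_type, items, fallback_assignee):
    """Group recertification items into business requests."""
    requests = defaultdict(list)
    for item in items:
        key = request_key(policy_type, item, fallback_assignee)
        requests[key].append(item["name"])
    return dict(requests)


# Constructed sample data.
ACCOUNTS = [
    {"name": "svc-backup", "responsible_party": "alice", "manager": "bob"},
    {"name": "jdoe", "responsible_party": None, "manager": "bob"},
    {"name": "orphan-01", "responsible_party": None, "manager": None},
]
MEMBERSHIPS = [
    {"name": "jdoe", "object": "Finance-Readers"},
    {"name": "asmith", "object": "Finance-Readers"},
    {"name": "jdoe", "object": "VPN-Users"},
]

if __name__ == "__main__":
    print(build_requests("Account Validity", ACCOUNTS, "iam-fallback"))
    print(build_requests("Group Membership", MEMBERSHIPS, "iam-fallback"))
```

Items that land in the fallback assignee's request are the ones with no owner on record, so the size of that request is a direct measure of ownerless accounts or objects in a campaign.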
...