Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Per the configured schedule, EmpowerID creates a new PAM certification Campaign from the existing PAM recertification template.
  2. The Recertification Campaign uses the Recertification Policy to handle tasks:
    1. It automatically sends recertification tasks and notifications to line managers or direct reports with privileged access.
    2. The campaign automatically closes on the end date of the audit and flags any unresolved tasks as revoked.
  3. Tasks are completed either by Line Managers, or automatically by RBAC:
    1. Line managers certify the privileged access management roles for their direct reports using the same process as the annual audit.
    2. RBAC processes remove any privileged assignments from the privileged management roles.
  4. Any management roles certified as revoked are unassigned from the direct report. No quality check is required.
  5. Any privileged group removals resulting from the revoking of the privileged access management role are placed in the Group Membership Queue.
  6. The Group Membership Queue processes the group removals and generates fulfillment tasks for the owners of the groups.
  7. Tasks are placed on the group owners' task lists and email notifications are sent out to the group owners informing them of the new tasks.
  8. The group owners remove the access in the native systems that correspond to the privileged groups that were revoked.
  9. Following group owner approval of the revoke tasks, the fulfillment report is updated with the final status of the revocation tasks.
  10. The recertification fulfillment report, which can be searched, sorted, and exported to evaluate the final resolution of all recertification tasks.

...