Versions Compared

Old Version 1

changes.mady.by.user Universal Importer for Confluence

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

Adding Recertification Policies to Audits

In EmpowerID, an audit is a user-defined, logically named object for identifying or grouping recertification tasks and running the

...

recertification policies that generate those tasks. After creating an audit, you add

...

recertification policies to it to define what you want to audit. Then when the audit runs, it compiles those

...

recertification policies, creating

...

any necessary recertification tasks.

Info
titlePrerequisites

...

Both the audit and the policy must exist in EmpowerID. If they do not, please see Creating Recertification Policies and Creating Audits for more information.

Anchorto-add-recertification-policies-to-auditsto-add-recertification-policies-to-audits

To add Recertification policies to audits

To add recertification policies to audits

  1. Log in to the EmpowerID Web application as an auditor or other person with the ability to configure audits.
From
  2. In the Navigation Sidebar,
navigate to the Audit Configuration page by expanding For Auditors and clicking
  1. expand Compliance Management and click Audit Configuration.
From the Audit Configuration page, click the
  2. Click the Audits tab and search for the audit to which you want to add a Recertification policy.
  3. Click the Audit link.
Image Removed
  1.  

    Image Added
    This opens the
ViewOne
  1. View One page for the Audit. View One pages allow you to view information about an object in EmpowerID and manage it as needed.

    Image Added
Image Removed
  1. From the audit's View One page, expand
the
  1. the Recertification Policies accordion and click
the
  1. the Add New Recertification Policy (+) button in the Policy grid.
Image Removed
  1.  

    Image Added
  2. In the Recertification Policy dialog that appears, type the name of the policy you want to add to the audit, and then click the tile for that policy.
Image Removed
  1.  

    Image Added

  2. Optionally, type a number in the Ignore Any Certified Within Last X Days field.

    Tip

    This is useful in situations where a previous audit

was

  1. closed before all recertification tasks it generated

by it

  1. were completed.

In this

  1. This way, managers

will

  1. only

be given

  1. receive recertification tasks for any direct reports who

have

  1. were not certified in the last audit.

Image Removed

  1. This setting does not completely exclude previously audited direct reports; it only excludes those access assignments that were re-certified within the specified day range. Thus, if a direct report gains access to a new resource, such as becoming the member of a new group, the audit

will generate

  1. generates a

Recertification

  1. recertification task for that new membership.


    Image Added

  2. Click Save to add the Recertification policy to the audit.
Image Removed You should see the policy
  1. The policy is added to the Recertification Policies grid.
Image Removed Optionally


  1. Image Added

To add exclusions to the Policy

 Optionally, you can keep the audit from creating recertification tasks for certain access assignments that would normally be generated by the

...

recertification policy.

...

  1. On the Recertification Policy grid, click

...

  1. the Exclusions button for the

...

  1. policy.

    Image Added
    This opens a view with two grids: Exclude These Entitlements and Exclude These Entitlement Types.  These grids allow you to exclude entitlements granted to specific actors, such as individual people or groups, as well as entitlement types, such as roles or groups that have no bearing for the audit.

    Image Added
  2. To exclude a specific entitlement,

...

  1. in the Exclude These Entitlements grid,

...

  1. click the Add button.

    Image Added
    This opens the Attestation Policy Target dialog, where you can select the type of resource, such as Business Role and Location, and a specific object of that type, such as Sales Rep in Boston.

    Image Added
  2. Select a target type from the Type drop-down

...

  1. , for example, Management Role

    Image Added
    A box (or if you choose Business Role and Location, a pair of tree selectors) appears to the right.

    Image Added
  2. Click in the box and press Enter for a list of available options, or type the name of the specific actor to exclude, in this case "customer," select the tile for the actor, and click Save.

    Image Added
    The Customer actor type is added to the grid of entitlements to exclude from this audit.

    Image Added
  3. To exclude a type of entitlement, in the Exclude These Entitlement Types grid,

...

  1. click the Add button.

    Image Added
  2. Select a Type from the

...

  1. drop-down list. The following types are available:
    • Business Role excludes business roles from the type of entitlements audited.
    • Group Membership excludes group membership from the type of entitlements audited.
    • Inherited Direct by Business Role excludes any access inherited directly from the person's business role from the type of entitlements audited.
    • Inherited Direct by Management Role excludes any access inherited directly from the person's management role from the type of entitlements audited.
    • Inherited Direct by Primary Business Role excludes any access inherited directly from the person's primary business role from the type of entitlements audited.
    • Inherited Location based by Business Role excludes any location inherited from the person's business role from the type of entitlements audited.
    • Inherited Location by Primary Business Role excludes any location inherited from the person's primary business role from the type of entitlements audited.
    • Inherited Management Role by Primary Business Role excludes any management role inherited directly from the person's primary business role from the type of entitlements audited.
    • Inherited Role Group Membership excludes any group membership inherited from the person's role from the type of entitlements audited.
    • Management Role excludes management roles from the type of entitlements audited.
    • Primary Business Role excludes primary business roles from the type of entitlements audited.
    • Resource Role excludes resource roles from the type of entitlements audited.
    • Role Group Membership excludes role group membership from the type of entitlements audited.

  2. Click Save.

    Image Added
    The type is added to the grid of excluded entitlement types.

    Image Added


Once you have finished adding your Recertification policies to the audit, the next step is to generate the recertification tasks associated with the policies. You do this by compiling the audit. This is demonstrated in the Compiling Audits topic.

Related Topics Anchoradministrative-proceduresadministrative-procedures

Administrative Procedures:

Anchoruser-proceduresuser-procedures

User Procedures:

  • Responding to Recertification Tasks
  • Performing Revokes Quality Checks
    • Fulfilling Revokes