Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In EmpowerID, an audit is a logically named user-defined object for identifying or grouping recertification tasks and running the recertification policies that generate them. After creating an audit, you can add The review of user access rights to see if they are proper and correspond to the organization's internal rules and compliance standards is known as access recertification audit.

An audit can be considered as a project with an start date and end date. We might want to audit or certify multiple items using an audit. For example, in a Q1 audit you might want to certify, external partner identify as well as member of certain high risk management roles. These items are specified in one or more recertification policies to it. Then when the audit runs, it creates a recertification task for each item in the policy. We will create an audit and add a account validity type recertification policy.

...

. As a project might have multiple deliverables an audit can have multiple recertification policies associated with it. We can create recertification policies of different types in the EmpowerID system and these policies are reusable.

Account validity recertification is a method of determining whether or not accounts are still required. Certain actions must be made if the accounts are no longer required. In other words, account validity recertification policy is to certify whether an account should exist or not.

Note: For the recertification to work in EmpowerID, certain prerequisites must exist.

Create an audit

  1. On the navbar, expand Compliance and select Recertification.

  2. Select the Audits tab on the Recertification page and click + icon to Create Audit.

    Image RemovedImage Added


  3. Enter the name, display name, and description.

  4. Select location from the location tree. The location of the audit has no impact on business logic. Location is required so that we can delegate who can see, edit or delete it.

  5. Select the audit owner. This is the person responsible for running this audit. The owner of the audit will be initiator of the corresponding business requests. The audit owner will get notifications when the business requests are approved or rejected.

  6. Select the started date and due date. An audit it is like a project with an start data and an end date.

  7. Is Template: The audit may be a one time audit or a template. For example, if it is every 90 days contractor access audit, we may not want to create a new audit every 90 days, rather we should create this kind of audit as template. A template audit can be specified with schedule like daily, monthly, weekly and custom interval. A new audit is created automatically at specified interval by cloning the templated audit.

    Image Added

  8. Click on the Save button. This will create a new entry in audit table in the the SQL database.


    Add the Recertification Policy on the Audit

  9. Click on the '+' icon to add the recertification policy on the audit details page.

    Image Added


  10. Select the recertification policy from the recertification dropdown.

  11. Select the fall-back assignee and click on Save.

    Image Added

  12. Click on the 'Enable' checkbox for the audit and click on the Save button. When you enable an audit, the recertification engine considers that the audit as completely configured and ready. Thus the recertification engine looks at the audit and compiles it to generate recertification approval tasks.

    Image Added

  13. Navigate to the audit tab and search for the above audit.

    Image Added

  14. The audit is displayed in the list.

  15. Compilation status shows as compilation completed. Business Request = No of the Group in the recertification policy.

    Validate that these Business Requests are visible in MyTasks

  16. Login to MyTasks (Tasks and Requests -->My Task App)

  17. In the top left, filter by 'To Do'

  18. Search by the Audit Name

    Image Added


    Validate that any of the potential approvers of the business requests can action it

  19. Login to MyTasks -> In the top left, filter by 'To Do' -> Search by the Audit Name.

  20. Click on the Business Request details -> In the decision dropdown following options are available.
    a. 'Certify' any of the Business request items
    d. Disable any of the Business request items
    C. Delete any of the Business request items

    Image Added


    Validate that fulfilment runs successfully for the business requests

  21. Click on the link below the name of the business request in the above image.

  22. It will open a pop-up window.

  23. Verify that the Fulfilment status is “Fulfilment Succeeded.”

    Image Added


    Note: You can also check the fulfillment status of a business request under Request Item Tracking.


    Following the recertification process, completion checks are carried out. Management should certify that all users who no longer require access to the system have been deleted. Validate that based on the decisions made on the business requests, the account validity should reflect respectively

  24. In EmpowerID, Navigate to Identity Administration -> People-> Search for the Person configured on the recertification policy.

    Image Added

  25. If decision has been made to 'certify an account'-> then the status of the account should still remain the same as enabled.

  26. If decision has been made to 'disable an active account' -> then the status of the account should be shown as deleted.

  27. If decision has been made to 'delete an account' -> then the account should not exist here.



Check Fulfillment Status of a Business Request

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue