Page Comparison

Recertification policies are policies that you add to audits to generate recertification review tasks for the access assignments given to people, roles, groups, and Query-Based collections. Person The person validity recertification is a method of determining whether or not the person is still required. Certain actions must be made if the persons are no longer required. In other words, a person validity recertification policy is used to certify the whether a person should exist or not. Possible decisions are: certify, disable and delete. We will create a person validity type recertification policy in this post and add a target to it.Pre-requisite for recertification policies, audit compilation and fulfilment of business requests.

For the recertification, a recertification policy is created, a recertification audit is created, the recertification policy is added to the audit, then the audit is compiled, which generates business requests that are sent for approval.

In the case of person validity recertification, the recertification engine bundles the recertification items into business requests as per the responsible partyassigned. For any item being recertified where its responsible party is null, it bundles them into one business request as per the fall-back assignee.

The possible decisions are generally set to certify, disable or delete. However, these decisions are configurable. This configuration is described under decision configuration at the end of this page.

Note: For the recertification to work in EmpowerID, certain prerequisites must exist.

Create a Person Validity Type Recertification Policy

1. Log in to the EmpowerID web application as an auditor or other person with the ability to configure audits.

2. On the navbar, expand Compliance and select Recertification.

3. On the Recertification page, select the Recertification Policies tab
   

   Image RemovedImage Added

4. Then click + icon to create a new Recertification Policy

5. The policy details page opens up.

6. Select policy type as ‘Person Validity.’ Enter any name, display name, and description.

7. Click on Save.
   

   

   
   Add the target type “Business Role and Location” to the policy created

8. Click on the '+' icon at the bottom of the policy details page to add the target

9. The attestation policy target section opens up.

10. Under the type dropdown, select ‘Business Role and Location.’

11. Under the business role dropdown, please search for a business role and select it.

12. Under the location dropdown, please search for a location and select it.

13. Click on Save.
    

    

    
    Add the target type “Group” to the policy created

14. Click on the '+' icon at the bottom of the policy details page to add the target

15. The attestation policy target section opens up.

16. Under the type dropdown, select ‘Group.’

17. Under the enter, a group name to search dropdown, search for a group, and select it.

18. Click on Save.
    

    

    
    Add the target type “Location” to the policy created

19. Click on the '+' icon at the bottom of the policy details page to add the target

20. The attestation policy target section opens up.

21. Under the type dropdown, select ‘Location.’

22. Under the location dropdown, please search for a location and select it.

23. Click on Save.
    

    

    
    Add the target type “Management Role” to the policy created

24. Click on the '+' icon at the bottom of the policy details page to add the target

25. The attestation policy target section opens up.

26. Under the type dropdown, select ‘Management Role.’

27. Under the enter a management role name dropdown, please search for a management role and select it.

28. Click on Save.
    

    

    
    Add the target type “Management Role Definition” to the policy created

29. Click on the '+' icon at the bottom of the policy details page to add the target

30. The attestation policy target section opens up.

31. Under the type dropdown, select ‘Management Role Definition.’

32. Under the enter a management role definition name dropdown, please search for a management role definition and select it.

33. Click on Save.
    

    

    
    Add the target type “Person” to the policy created

34. Click on the '+' icon at the bottom of the policy details page to add the target

35. The attestation policy target section opens up.

36. Under the type dropdown, select ‘Person.’

37. Under the enter a person name to search dropdown, please search for a person and select it.

38. Click on Save.
    

    

    
    Add the target type “Set Group” to the policy created

39. Click on the '+' icon at the bottom of the policy details page to add the target

40. The attestation policy target section opens up.

41. Under the type dropdown, select ‘Set Group.’

42. Under the enter a query-based collection name to search dropdown, please search for a query and select it.

43. Click on Save.
    

    

44. The person validity recertification policy type with various target types is created as below.
    

    

    
    

Decision Configuration for Person Validity

The possible decisions for group validity recertification policy type are configurable. For configuring them we need to take the following steps.

1. Log in to the EmpowerID web application

2. On the navbar, expand IT Shop and select Approval Flow Policies.

3. On the Approval Flow Policies page, select the Item Type Actions tab.

4. Then search for Recertify Person Validity.

5. Click on the Recertify Person Validity and scroll down to select Decisions for Approval Flow Steps.
   

   Image Added

    

6. Click on the + icon to add more approval decision if needed.

7. As shown in the above screenshot, what happens when the approval decision is taken as
   Certify - no fulfillment work flow is needed.
   Delete - Person validity delete fulfillment work flow is started.
   Disable - Person validity disable fulfillment work flow is started.

8. You can also edit or change the workflows that should execute as per an approval decision. Just click on the edit icon on the above image.
   

   Image Added

    

9. To see how the business requests generated are grouped for approval, we need to open the approval step selected by right click and open in new window. Here the approval step is person manager step as shown in the image above. In this case it is bundled as per two rule types ( target person manager and target resource line manager) as shown in the image below. So based on what is configured in approval step the business requests generated will be routed to for approval.
   

   Image Added

10. Workflow used: When you edit the Item Type Actions named Recertify Person Validity, you would be able to see the fulfillment workflow. For this item the fulfillment workflow selected is Recertification Fulfillment as shown in the image below. For the fulfillment the selected workflow is run. This workflow assigned is configurable as well. You can delete it and select another workflow if needed.
    

    Image Added

    
    We have created the person validity recertification policy and added target to it. the next step would be to creat an audit and add the person validity policy to it.

Next Steps

• Audit with Person Validity Recertification Policy

...