The increasing number of apps and systems, across both the cloud and on-premise, can make it a challenge to effectively manage group memberships. As security groups often grant administrative access to organizational IT systems and resources, it is important that the membership of those groups be transparent to group owners, administrators, and other security stakeholders. EmpowerID brings intelligence and in-depth visibility to managing your groups through reporting and dashboards. You can quickly see how many groups your organization has within each system, who belongs to them, and the amount of access those groups grant their members. While this information is immediate and auditable, it can be overlooked. To help you stay on top of your groups, EmpowerID includes a “Continuous Group Membership Recertification” feature that you can enable for each of your connected systems. When enabled, EmpowerID generates recertification tasks for each member of a specified security group whose membership has not been certified within the last “X” number of days. Tasks are sent to the appropriate stakeholders, where they can be reviewed and approved or rejected as needed. If recertification is rejected, EmpowerID removes each rejected account from the group. If recertification is approved, EmpowerID stamps the approved group memberships with the approval date and recycles those memberships for recertification again at the specified date. This ensures that your group membership always remains what it should be. Figure 1 below shows this process from a high level.
...
Components of Continuous Group Membership Recertification
The Continuous Group Membership Recertification feature of EmpowerID includes the components shown in the below table.
...