Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Recertification policies are policies that you add to audits to generate recertification review tasks for the access assignments given to people, roles, groups, and Query-Based collections. In this post, we are going to create Management Role Membership Recertification Policy and add a target to itThe management role membership recertification policy is to certify the current members of a management role, including people, group, and business role and location. For the recertification, an audit is created, which generates business requests that are sent for approval. The engine bundles the recertification items into business requests based on the object itself. Therefore in this case the management role is the bundle for the business request and its members are items. The possible decisions are generally set to certify or revoke the member. However, these decisions are configurable. This configuration is described under decision configuration at the end of this page. In this post, we will create a management role membership type recertification policy and add a target to it.

In this post, we will create a management role membership recertification policy and add a target to it.

Note: For the recertification to work in EmpowerID, certain prerequisites must exist.

Create a Management Role Membership Type Recertification Policy

  1. Log in to the EmpowerID Web application as an auditor or other person with the ability to configure audits.

  2. On the navbar, expand Compliance and select Recertification.

  3. On the Recertification page, select the Recertification Policies tab

    Image RemovedImage Added

  4. Then click + icon to create a new Recertification Policy recertification policy

  5. The policy details page opens up.

  6. Select policy type as

...

  1. Management Role Membership

...

  1. .

...

  1. Enter any name, display name, and description.

...

  1. Image Added

  2. Click on

...

  1. Save.

  2. Attestation policy/Recertification policy is saved successfully.

Add the target type “Management Role” to the policy created

...

  1. Click on the '+' icon to add the target

  2. The attestation policy target section opens up.

  3. Under the type dropdown, select ‘Management Role.’ Enter the name of the Management role

  4. Click on Save.

...

Add the target type “Location” to the policy created

  1. Click on the '+' icon to add the target

  2. The attestation policy target section opens up.

  3. Under the type dropdown, select ‘Location.’

  4. Click on Save.

...

Add the target type “Management Role Definition” to the policy created

  1. Click on the '+' icon to add the target

  2. The attestation policy target section opens up.

  3. Under the type dropdown, select ‘Management Role Definition.’

  4. Click on Save.

Image Added

Add the target type “Set Group” to the policy created

  1. Click on the '+' icon to add the target

  2. The attestation policy target section opens up.

  3. Under the type dropdown, select ‘Set Group.’

  4. Click on Save.

...

Add multiple target to the policy type Management Role Membership

  1. Click on the '+' icon to add the target

  2. The attestation policy target section opens up.

  3. Under the type dropdown, select ‘Management Role.’

  4. Click on Save.

  5. Click on the '+' icon to add another target

  6. The attestation policy target section opens up.

  7. Under the type dropdown, select ‘Management Role Definition.’

  8. Click on Save.

...

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue

Decision Configuration

The possible decisions for management role membership recertification policy type are configurable.
Enter the name of the Management role

...

Click on save.For configuring them we need to take the following steps.

  1. Log in to the EmpowerID web application

  2. On the navbar, expand IT Shop and select Approval Flow Policies.

  3. On the Approval Flow Policies page, select the Item Type Actions tab.

  4. Then search for Recertify Person as Management Role Member.

  5. Click on the Recertify Person as Management Role Member and scroll down to select Decisions for Approval Flow Steps.

    Image Added

     

  6. Click on the + icon to add more approval decision if needed.

  7. As shown in the above screenshot, what happens when the approval decision is taken as
    Certify - no fulfillment work flow is needed.
    Revoke - MRMembership recert revokation ful fulfillment work flow is started.

  8. You can also edit or change the workflows that should execute as per an approval decision. Just click on the edit icon on the above image.

    Image Added

     

  9. To see how the business requests generated are grouped for approval, we need to open the approval step selected by right click and open in new window. Here the approval step is global owner as shown in the image above. In this case it is bundled as per two rule types (resource owner and global resource owner) as shown in the image below. Therefore, based on what is configured in approval step the business requests generated will be routed to for approval.

    Image Added

     

  10. Workflow used: When you edit the Item Type Actions named Recertify Person as Management Role Member, you would be able to see the fulfillment workflow. For this policy type the fulfillment workflow is selected is Recertification fulfillment as shown in the image below. For the fulfillment the selected workflow is run. This workflow assignment is configurable as well. You can delete it and select another workflow if needed.

    Image Added

Next Steps