Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Policy

Usage

Access for Active People (Logged in Last 90 Days)

For certifying the EmpowerID access assignments for all people who logged in during the last 90 days.

All Access Assignments for Shared Folders flagged as Audit

For certifying shared folder access.

Certify Access Assignments for Resource Mailboxes

For certifying access to resource mailboxes.

Direct Reports Recertification - All People Logged in Last 90 Days

For managers to recertify any direct reports who have logged in within the last 90 days.

Mailbox Permissions

For certifying mailbox permissions.

Management Role Access

For certifying the access granted to Management Roles.

Person Access Summary for People Logged in Last 90 Days

For certifying the access of all people who have logged in within the last 90 days.

Person Direct Entitlements

For managers to certify or revoke the access of their direct reports.

SharePoint Group Access Assignments

All EmpowerID access assignments for SharePoint groups.

Create a Recertification Policy

  1. Log in to the EmpowerID Web application as an auditor or other person with the ability to configure audits.

  2. On the navbar, expand Compliance and select Audit Configuration.

  3. On the Audit Configuration page, select the Actions tab and click Create Recertification Policy.

  4. In the Policy Details form that appears, click the Policy Type drop-down and select from the following options to create a snapshot of the policy type's data:

    • Assignee Granted Security – Access Level Assignments and Management Role assignments granted to an assignee as an actor

    • Direct Reports – who reports to whom

    • Exchange Mailbox Permissions – who currently has what type of access to a given Exchange mailbox

    • Folder Permissions – who currently has what type of access to a given Windows folder

    • Group Membership – who currently has membership in a given group

    • Management Role Membership – current assignees of a Management Role

    • Person Access Summary – all access assignments currently granted to a Person, including:

      • All RBAC assignments, including direct, relative, and by-location assignments

      • Business Role and Location assignments

      • Any group memberships, including those on their accounts and those granted through RBAC

      • Any Management Role memberships

      • Account and group ownership

      • Any native permissions, such as NTFS permissions for shared folders and Exchange mailbox permissions or ACLs

    • Person Direct Entitlements – current access granted to people (also creates recertification tasks for the managers of each person targeted by the policy)

    • Resource Granted Security – who currently has access to any given resource object for which the policy is created

  5. Fill in the Name, Display Name and Description fields.

  6. Select Enabled to enable the policy.

  7. Click Save


After EmpowerID creates the policy, a Target grid appears on the Policy Details page. This grid allows you to add and remove Recertification targets to and from the policy. Recertification targets allow you to scope the Recertification policy to the specific IT objects you want to audit. They can include multiple EmpowerID Actor types, including individual resources, people, roles, locations, groups and Query-based Collections (SetGroups). This is demonstrated in the Adding Targets to Recertification Policies topic.

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue

...

Next Steps

Add targets to recertification policies

Create audits

Add recertification policies to audits