You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Skip to end of banner
Go to start of banner

Account Validity Type Recertification Policy

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 29 Next »

Account validity recertification policy is to certify whether an account should exist or not. For example, in a company there may be access recertification of employees every year. For the recertification, an audit is created, which generates business requests that are sent for approval. The recertification engine bundles the recertification items into business requests as per the responsible party assigned. If the responsible party is null for any item being recertified, the engine bundles them all into one business request where fall-back assignee is used in place of responsible party.

Recertification policies are policies that you add to audits to generate recertification review tasks for the access assignments given to people, roles, groups, and query-based collections. Possible decisions for account validity recertification are generally set as certify, disable, delete etc. However, these possible decisions are configurable. These configuration is described under decision configuration at the end of this page.

In this post, we will create account validity type recertification policy and add a target to it.

Pre-requisite for recertification policies, audit compilation and fulfilment of business requests.

Create a Account Validity Type Recertification Policy

  1. Log in to the EmpowerID web application as an auditor or other person with the ability to configure audits.

  2. On the navbar, expand Compliance and select Recertification.

  3. On the Recertification page, select the Recertification Policies tab.

  4. Then click + icon to create a new Recertification Policy

  5. The policy details page opens up.

  6. Select policy type as ‘Account Validity.’ Enter any name, display name, and description.

  7. Click on Save.



    Add the target type “Location” to the policy created

  8. Click on the '+' icon at the bottom of the policy details page to add the target.

  9. The attestation policy target section opens up.

  10. Under the type dropdown, select ‘Location.’

  11. Under the select a location dropdown, search for a location and select it.

  12. Click on Save.


    Add the target type “Set Group” to the policy created

  13. Click on the '+' icon at the bottom of the policy details page to add the target.

  14. The attestation policy target section opens up.

  15. Under the type dropdown, select ‘Set Group.’

  16. Type a query name under “enter a query-based collection name”.

  17. Click on Save.

  18. The account validity policy type with two target types are created.

Decision Configuration

The possible decisions(certify, disable and delete) for account validity recertification policy type are configurable. For configuring them we need to take the following steps.

  1. Log in to the EmpowerID web application

  2. On the navbar, expand IT Shop and select Approval Flow Policies.

  3. On the Approval Flow Policies page, select the Item Type Actions tab.

  4. Then search for Recertify Account Validity.

  5. Click on the Recertify Account Validity and scroll down to select Decisions for Approval Flow Steps.

  6. Click on the + icon to add more approval decision if needed.

  7. As shown in the above screenshot, what happens when the approval decision is taken as
    Certify - no fulfillment work flow is needed.
    Delete - Recert delete account fulfillment work flow is started.
    Disable - Recert disable account fulfillment work flow is started.

  8. You can also edit or change the workflows that should execute as per an approval decision. Just click on the edit icon on the above image.

  9. Account validity is grouped by account manager if the approval step is selected as account manager, as shown in above image. To see how it is grouped we need to open the account manager approval step in its view one page by right click and open in new window. In this case it is bundled as per two rule types ( resource owner and target resource line manager). So based on what is configured in approval step the business requests generated will be routed to for approval. For example, here resource owner means owner of the account.




    Workflow used:

  10. When you edit the Item Type Actions named Recertify Account Validity, you would be able to see the fulfillment workflow. For this policy type the fulfillment workflow is Account Recet Ful as shown in the image below.

Next Steps

  • No labels