An audit can be considered as a project with a start date and end date. We might want to audit or certify multiple items using an audit. For example, in a Q1 audit you might want to certify, an external partner, identify as well as a member of certain high-risk management roles. These items are specified in one or more recertification policies. As a project might have multiple deliverables an audit can have multiple recertification policies associated with it. We can create recertification policies of different types in the EmpowerID system, and these policies are reusable.
Recertification policies are policies that you add to audits to generate recertification review tasks for the access assignments given to people, roles, groups, and Query-Based collections. Management role access assignment recertification policy is to certify the access granted to the management role, including any RBAC assignment. In this post, we will create a management role access assignment recertification policy and add a target to it.
Pre-requisite for recertification policies, audit compilation and fulfilment of business requests.
Create a Management Role Access Assignment Recertification Policy
Log in to the EmpowerID Web application as an auditor or other person with the ability to configure audits.
On the navbar, expand Compliance and select Recertification.
On the Recertification page, select the Recertification Policies tab
Then click + icon to create a new Recertification Policy
The policy details page opens up.
Select policy type as ‘Management Role Membership.’
Enter any name, display name, and description.
Click on save. The recertification policy is saved successfully.
Add the target type “management role” to the policy created
Click on the '+' icon to add the target.
The attestation policy target section opens up.
Under the type dropdown, select ‘Management Role.’ Enter the name of the Management role
Click on Save.
Add the target type “location” to the policy created
Click on the '+' icon to add the target
The attestation policy target section opens up.
Under the type dropdown, select ‘Location.’
Click on Save
Add the target type “Management Role Definition” to the policy created
Click on the '+' icon to add the target
The attestation policy target section opens up.
Under the type dropdown, select ‘Management Role Definition.’
Click on Save.
Add the target type “Set Group” to the policy created
Click on the '+' icon to add the target
The attestation policy target section opens up.
Under the type dropdown, select ‘Set Group.’
Click on Save.'
Add multiple targets to the policy type “Management Role Access Assignment.”
Click on the '+' icon to add the target
The attestation policy target section opens up.
Under the type dropdown, select ‘Set Group.’
Click on Save.
Click on the '+' icon to add the target
The attestation policy target section opens up.
Under the type dropdown, select ‘Management Role Definition.’
Click on Save.