The JIT recertification flow simplifies the process of handling recertification events that occur due to changes in resources or policies without requiring a recertification audit. In some instances, recertification may be necessary, for example, when a person changes departments and their group memberships or management role assignments need to be verified. In such scenarios, previously, the only option was to create an audit, but now, the flow item can trigger the creation of a business request to recertify the resource without the need for a complete audit.
The JIT recertification flow item is tied to a recertification policy that can define which type of data should be certified when the flow item is triggered. To modify the just-in-time (JIT) recertification process, you can configure or change the JIT recertification flow item. This allows you to customize the process by adjusting configurations such as Item Type Action, Recertification Policy, and Approval Fulfillment Workflow. However, it is important to consider the information provided in the Key Concept below before making any changes.
Key Concept
When choosing a recertification policy, it's important to ensure that it applies to all resources, not just a single one. For example, if a policy only targets a particular person, it's ineffective because the event won't generate a recertification for another person in the same flow event. It is crucial to have a policy that applies to all resources for effective recertification. The target of the policy tied to the recertification flow item must include all possible resources. Typically, special recertification policies are created for the JIT recertification flow item, which is usually shipped with the product and should not be included in other normal audits. If you want to change the default policy, please make sure you meet the requirements discussed here.
Recertification Policy: Recertification policies determine the type of access information that needs to be reviewed and validated for each user. Read More
Target: Recertification targets configure who/what to recertify. Targets are added to the policy. Read More
Item Scope Type: Item Type Scope will determine which data/access the policy will recertify. Targets are added to the policy. Read More
Configure the JIT Recertification Flow Item
Please Log in to EmpowerID with the necessary permissions.
On the navbar, expand Low Code /No Code Workflow and No Code Flows.
Click on the Flow Items Activities tab to view a list of flow item activities in the system.
Type "Just in Time Person Access Summary Recertification" in the search box and click search. Then, click on the
icon to view the details of the recertification flow item.
You can view other details, including the Item Type Action and Scope Type. Take note that the action type for this particular flow item is Just in Time Person Access Summary Recertification, which we will look into in more detail.
Click on the Item Type Actions tab to view the item type actions.
Type "Just in Time Person Access Summary Recertification" in the search box and click search. Click on the icon to open the details for the item type action.
You can find details, including the Approval Fulfillment WF, which is FWPersonJITRecertification.
Click on the FWPersonJITRecertification, which opens the ViewOne page for the workflow. View One pages are designed to facilitate the viewing and managing of the corresponding objects in EmpowerID.
Locate the Request Workflow Parameters tab and click on the
icon.
Provide the appropriate value for the Target Attestion Policy ID.