Create Recertification Policies

Owned by Phillip Hanegan
Last updated: Mar 16, 2022 by Dhiraj Kumar (Unlicensed)
2 min read

A recertification policy contains actions to ensure that users submit an assurance that they have a genuine, continuous need for a particular resource or membership. As a project might have multiple deliverables a recertification audit can have multiple recertification policies associated with it. We can create recertification policies of different types in the EmpowerID system, and these policies are reusable. For example, in an audit we might want to certify, an external partner, identify as well as a member of certain high-risk management roles. These items are specified in one or more recertification policies.

Recertification Policies are snapshots of data that reveal the access to resources granted to people and to roles, the assignments of people to roles, and the security assignments that have been made against protected resources like Exchange mailboxes, applications, and groups. These snapshots are routed for review to authorized personnel such as managers, role owners, or data owners. The review process allows the reviewer to verify the access and certify whether it is valid. Internal processes can use this data to remediate and rectify exceptions or certify the exceptions as permitted.


Create a Recertification Policy

  1. Log in to the EmpowerID web application as an auditor or other person with the ability to configure audits.

  2. On the navbar, expand Compliance and select Recertification.

  3. On the Recertification page, select the Recertification Policies tab and then click + icon to create an audit.

     

  4. Click + icon to create a new recertification pol.

  5. In the Policy Details form that appears, click the Policy Type drop-down and select from the options mentioned above to create a snapshot of the policy type's data:

  6. Fill in the Name, Display Name, and Description fields.

  7. Select Enabled to enable the policy.

  8. Click Save


After EmpowerID creates the policy, a Target grid appears on the policy details page. This grid allows you to add and remove recertification targets to and from the policy. Recertification targets will enable you to scope the recertification policy to the specific IT objects you want to audit. Multiple EmpowerID actor types can include people, roles, locations, groups, and query-based collections (SetGroup).

Next Steps

Add targets to recertification policies