Hi and Hello,
How to Effectively Use Certification Event: A Comprehensive Guide
Introduction
In today’s world, managing identities and access (IAM) is crucial for ensuring security in a company. One of the tools that help in this process is the Certification Event. In this article, we will show you how to create a certification campaign for a manager, prepare an IdentityTrigger, set up notifications, write an Exclusion Rule, and manage roles and entitlements.
1. Creating a Certification Campaign for a Manager
Step 1: Define the Campaign Goal
A certification campaign should have a clear goal, such as reviewing all roles assigned to employees to ensure they only have the necessary permissions.
Step 2: Select Participants
Managers should be selected as reviewers because they have the best knowledge about the permissions needed for their subordinates.
2. Preparing IdentityTrigger
Step 1: What is an IdentityTrigger?
IdentityTrigger is a mechanism that triggers specific actions in the IAM system, such as notifications or initiating a certification campaign.
Step 2: Creating an IdentityTrigger
Go to the IdentityTrigger section in IIQ. Select the conditions that will trigger the action, such as changing an attribute or adding a new entitlement.
Step 3: Configuring Actions
Define the actions to be taken after the trigger is activated, such as sending a notification to the manager or starting a certification campaign.
You can also trigger an action by changing a rule.
example:
Selecting roles, entitlements, groups to certify.
3. Setting Up Notifications
Step 1: Defining Notification Types
Determine what notifications are needed, such as reminders of upcoming certification campaigns, notifications of completed reviews, etc.
Step 2: Configuring Notifications
In the IIQ system, go to the notifications section. Choose the type of notification, recipients, and message template.
Selecting the owner and certifiers of the campaign.
You can select the active certification time and choose what will happen if the Manager does not accept it. You can also choose which notification is sent after the campaign closes, and when and which notifications the system sends to users.
You can select all decisions in Behavior. There is also an interesting option:
“Default Duration For Exceptions”
where you can set the exact number of days after which roles will be deleted.
4. Writing an Exclusion Rule
Step 1: What is an Exclusion Rule?
An Exclusion Rule is a set of rules that define which elements (users, roles, entitlements) should be excluded from the certification campaign.
Step 2: Creating an Exclusion Rule
Go to the exclusion rules section in the IIQ system. Define the exclusion conditions, such as users with a certain status or roles assigned to specific departments.
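As an added illustration (not code from the original post), here is a sketch of a BeanShell exclusion rule that drops every item for inactive identities and moves roles matching a name prefix out of the review. The `Birthright-` prefix is a hypothetical naming convention; `entity`, `items` and `itemsToExclude` are the variables IdentityIQ passes to a rule of this type.

```java
import java.util.Iterator;
import sailpoint.object.Bundle;
import sailpoint.object.Certifiable;
import sailpoint.object.Identity;

// Rule type: CertificationExclusion.
// Inputs supplied by IdentityIQ:
//   entity         - the identity being certified
//   items          - Certifiable items that will be reviewed
//   itemsToExclude - items moved here are left out of the campaign
// The returned String is kept as the reason for the exclusion.

// Assumption: hypothetical naming convention for roles that are not reviewed.
String EXCLUDED_ROLE_PREFIX = "Birthright-";

String explanation = null;

// Condition 1: user status. Inactive identities are excluded entirely.
if (entity instanceof Identity) {
    Identity identity = (Identity) entity;
    if (identity.isInactive()) {
        itemsToExclude.addAll(items);
        items.clear();
        return "Identity is inactive";
    }
}

// Condition 2: specific roles. Use an Iterator so items can be removed
// safely while the list is being walked.
Iterator it = items.iterator();
while (it.hasNext()) {
    Certifiable item = (Certifiable) it.next();
    if (item instanceof Bundle) {
        Bundle role = (Bundle) item;
        String name = role.getName();
        if (name != null && name.startsWith(EXCLUDED_ROLE_PREFIX)) {
            it.remove();
            itemsToExclude.add(item);
            explanation = "Role name starts with " + EXCLUDED_ROLE_PREFIX;
        }
    }
}

return explanation;
```

Anything moved to `itemsToExclude` is never shown to the manager, so keep the conditions narrow and always return an explanation that an auditor can read later.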
5. Managing Roles and Entitlements
Step 1: Determine When Roles/Entitlements Should Be Removed
Roles and entitlements should be removed when they are no longer needed, such as after a project is completed or when changing positions.
Step 2: Configuring Automatic Removal
In the IAM system, set up rules for the automatic removal of roles and entitlements that are no longer needed.
Step 3: Monitoring and Auditing
Regularly monitor and audit roles and entitlements to ensure they are up-to-date and compliant with the company’s security policy.
Conclusion
Creating an effective certification campaign and managing identities and access is crucial for company security. By using tools such as Certification Event, IdentityTrigger, notifications, and Exclusion Rules, we can effectively manage access and ensure that only authorized users have access to critical resources.
Regards,
Adam