
SailPoint Access Certification

User Access Certifications using AAM SailPoint Solution

Current Process: User Access Certifications at Company A

New Process: User Access Certifications using AAM SailPoint Solution


Types of Certifications in SailPoint IdentityIQ
There are three (3) types of Certifications configured in IdentityIQ.

• People Manager and BAO Certifications are discussed in detail in the next slides.
People Manager Certification in IdentityIQ & Process Flow

People Manager Certification Process Flow:

• SailPoint IdentityIQ creates certifications to review access for the users
• People Managers perform certifications for their direct reports
• People Managers access SailPoint IdentityIQ and approve or revoke users’ access on IdentityIQ’s web-based interface
• SailPoint IdentityIQ stores the certification results and takes further action, e.g. de-provisions users’ roles if marked as revoke in the certification
BAO Certifications in IdentityIQ & Process Flow

• The BAO performs a certification in IdentityIQ for users whose People Managers have a title above 2nd level VP
• Also, the BAO reviews the completed People Manager Certification report and signs off on the report in IdentityIQ
User Access Certifications - Notifications & Escalations

Access Certifications Notifications


Receiver | Description | Type | Days
Certifier | Certification Notification email | Notification | 0 Day
Certifier | Certification incomplete after 15 days of start date | First Reminder Notification | 15 Days
Certifier | Certification incomplete after 20 days of start date | Second Reminder Notification | 20 Days

Access Certifications Escalations


Receiver | Description | Type | Days
Certifier’s Manager | Certification incomplete after 25 days of start date | 1st Escalation | 25 Days
Corporate AAM Office / AAM Lead | Certification incomplete after 30 days of start date | Final escalation | 30 Days
Certification in SailPoint IdentityIQ
Steps to complete a Certification in IdentityIQ


Step 1: Email Notification


• You will receive an email from AAM_Support@Company A.com with certification details
• Follow the link to begin your certification
• Click the “AAM SailPoint Help” link for more information

Step 2: IdentityIQ Dashboard


• Access IdentityIQ. The 1st page displayed is the IdentityIQ ‘Dashboard’
• Click on the Certification in the ‘Inbox’ to begin the certification process

Step 3: Access Review Details Page


• A pop-up will be displayed with details on the Access Review. Click ‘Ok’ to continue to the access review.
Step 3 Continued: Access Review Details Page
• Access of each user will be displayed.
• Click on each user’s access review line item to complete certification

Step 4: Make Decisions


• Choose a certification action for the users

Step 4 Continued: Make Decisions


• Choose a certification action (approve/revoke) for each user’s role
• Click ‘Save Changes’ to continue to the next user

Click ‘Save Changes’ after making each decision

Step 4 Continued: Make Decisions


• If there is a segregation of duties (SOD) violation by a user, the violated SOD will be displayed for the user within the certification.

Step 1: Click on user to display SOD violation information
Step 2: Select ‘Allow Exception’ or ‘Revoke’

Step 4 Continued: Make Decisions


• The details of the violated SOD Policy description are displayed to the certifier

Step 5: Sign off Certification


• Once a certification decision is saved for each user, click ‘Sign off’ to submit the certification
• Note: Sign Off is only available when the user roles have been certified and decisions have been saved, i.e. Percent Complete is 100%
Summary: Steps to complete a Certification in IdentityIQ
Certification Delegations
Assigning a Sub-Certifier in Certifications

• Certification items may be delegated by the certifier to a sub-certifier in IdentityIQ
• Sub-certifiers can be chosen inside the certification view for each of the roles for direct report(s)

Steps to assign a sub-certifier:


1. Open certification in IdentityIQ, select one or more users for delegation. Click on “Delegate” option for each user’s line item

Step 1: Click on ‘Delegate’ button for the user’s certification line item

2. After selecting ‘Delegate’, select the recipient of the delegated item from the drop-down list of users & click on ‘Delegate’

Step 2: Search & select sub-certifier

3. After selecting the sub-certifiers, select ‘Save Changes’

Step 3: Click ‘Save Changes’


Certifying Work Item by a Sub-certifier

The assigned Sub-certifier will receive a ‘Certification Work Item’ in SailPoint IdentityIQ. This work item can be accessed in the “Dashboard->Inbox”

Step 1: Select certification work item from Dashboard-Inbox

The sub-certifier can certify the delegated certification work item i.e. approve or reject, add comments & save.

Step 1: Select ‘Approve’ or ‘Revoke’
Step 2: Add comments
Step 3: Click ‘Save’
Step 4: Click ‘Complete’ or ‘Reject’
Certification / Report Sign Off
Sign-Off after Certification

After the certifier or sub-certifier has completed the certification items, the People Manager/BAO must sign off
on the certification in IdentityIQ

Steps to sign off on the certification:


1. Open the certification containing the certification work items from Dashboard->Inbox
2. Click on ‘Sign off’ (only available when certification items are 100% complete)
Steps to Sign off Reports for BAO

SailPoint IdentityIQ will generate a ‘User Access Report’ for the BAO. The BAO can review and sign off on this
report.

Step 1: Click on report for ‘Sign off’ under ‘Manage-Work Items’

BAO can open the user access report from the work item.

BAO can review the user’s roles in the application in the user access report.

Step 3: Review user access in report

After reviewing the user access report, the BAO can take action on the report i.e. Sign off
