{ "componentChunkName": "component---src-templates-docs-js", "path": "/admin/7-access-cert/thesaurus", "result": {"data":{"site":{"siteMetadata":{"title":"OpenIAM Documentation v2026.5.2 | OpenIAM","docsLocation":""}},"mdx":{"fields":{"id":"5fc0f7ee-81c2-55de-991d-eb7772b2d2a9","title":"Access Certification Thesaurus","slug":"/admin/7-access-cert/thesaurus"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n \"title\": \"Access Certification Thesaurus\",\n \"metaTitle\": \"Access Certification Thesaurus\",\n \"metaDescription\": \"A glossary of key terms used across Access Certification topics, with links to relevant documentation.\"\n};\nvar layoutProps = {\n _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n var components = _ref.components,\n props = _objectWithoutProperties(_ref, _excluded);\n\n return mdx(MDXLayout, _extends({}, layoutProps, props, {\n components: components,\n mdxType: \"MDXLayout\"\n }), mdx(\"p\", null, \"This thesaurus covers key terms used across the Access Certification section. Use it to look up an unfamiliar term and navigate directly to the article that explains it in context.\"), mdx(\"hr\", null), mdx(\"h2\", null, \"A\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Access Certification (UAR)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The process of systematically reviewing and approving or revoking user access to applications and entitlements. Campaigns can be entitlement-based or user-based.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"1-entitlmentcert\"\n }, \"Entitlement Based Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Access Revocation\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The action of removing access rights from a user, triggered manually during a review or automatically when a campaign expires.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"8-multiple-reviwer-campaigns\"\n }, \"Multi-Reviewer Campaigns\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Admin Assignment\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Membership tag)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A system-assigned membership tag applied whenever an administrator assigns access through the webconsole or API.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"4-membership-tags\"\n }, \"Membership Tags\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Admin Owner System Access\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Membership tag)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A membership tag indicating that a user holds special rights as an Owner or Admin of a Role, Group, or Resource.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"4-membership-tags\"\n }, \"Membership Tags\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Application Admin / Owner\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Reviewer type)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A reviewer type for application-based campaigns. The person designated as the admin or owner of an application receives the review tasks for that application.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"APPROVAL_PATH\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Risk factor)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A risk factor that analyzes the approval workflow used to grant access. Entitlements granted without proper approval carry a higher risk score.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-factor-config\"\n }, \"Risk Factors Configuration\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Audit Log\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A system record capturing all events related to certification, risk detection, and provisioning actions.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-event-driven-cert\"\n }, \"Risk Event Driven Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"hr\", null), mdx(\"h2\", null, \"B\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Batch Task\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A background scheduled job used for automation, such as generating reports or processing expired campaign requests.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"3-certification-reporting\"\n }, \"Certification Reporting\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Birthright Assignment\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Membership tag)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A membership tag applied when access is granted automatically via a business rule.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"4-membership-tags\"\n }, \"Membership Tags\")), mdx(\"hr\", null), mdx(\"h2\", null, \"C\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Campaign\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An access certification campaign is a configured review cycle that defines what access is reviewed, who reviews it, and over what period.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"1-entitlmentcert\"\n }, \"Entitlement Based Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"5-delete-campaign\"\n }, \"Deleting a Campaign\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"6-campaign-database\"\n }, \"Campaign Database\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Campaign Database\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"Starting from version 4.2.2, a campaign is stored as a concrete set of database tables rather than a virtual object, enabling richer reporting and data manipulation.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"6-campaign-database\"\n }, \"Campaign as Database Object\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Campaign Expiration\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The automatic termination of a campaign after the escalation period ends, with configurable consequences for unreviewed access items.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"8-multiple-reviwer-campaigns\"\n }, \"Multi-Reviewer Campaigns\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Cascade Extension\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An option controlling whether a deadline extension is applied only to the current reviewer or cascaded to all subsequent reviewers.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"8-multiple-reviwer-campaigns\"\n }, \"Multi-Reviewer Campaigns\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Certification Reporting\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The set of reports available for an access certification campaign: scope, current state, and results reports.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"3-certification-reporting\"\n }, \"Certification Reporting\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Current State Report\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A certification report representing the live status of an in-progress campaign at the time it is generated, delivered to the administrator's mailbox.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"3-certification-reporting\"\n }, \"Certification Reporting\")), mdx(\"hr\", null), mdx(\"h2\", null, \"D\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Delete Campaign\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An administrative action that permanently removes a certification campaign and all its associated requests. Available since version 4.2.2.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"5-delete-campaign\"\n }, \"Deleting a Campaign\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Department Change\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Risk event)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A profile change that qualifies as a risk event and can trigger a risk event driven certification review.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-event-driven-cert\"\n }, \"Risk Event Driven Certification\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Direct Violation\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(SoD)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An SoD violation where the user explicitly and directly holds a conflicting entitlement.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Do Nothing\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Expiration policy)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An expiration policy option where unreviewed access items are automatically marked as accepted when the campaign expires.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\")), mdx(\"hr\", null), mdx(\"h2\", null, \"E\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Email Template\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The notification template used to send emails to reviewers and managers during a certification campaign.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"1-entitlmentcert\"\n }, \"Entitlement Based Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Entitlement\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An access right assigned to a user, typically expressed as a Role, Group, Resource, or Organization membership.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"1-entitlmentcert\"\n }, \"Entitlement Based Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Entitlement Admin / Owner\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Reviewer type)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A reviewer type where the owner or admin of a role or group receives the review tasks for entitlements under their management.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"ENTITLEMENT_LIFETIME\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Risk factor)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A risk factor assessing how long an entitlement has been held. Long-standing, unreviewed entitlements carry elevated risk.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-factor-config\"\n }, \"Risk Factors Configuration\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"ENTITLEMENT_ORIGIN\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Risk factor)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A risk factor evaluating how an entitlement was granted \\u2014 direct assignment vs. inherited through a role or group.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-factor-config\"\n }, \"Risk Factors Configuration\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"ENTITLEMENT_SENSITIVITY\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Risk factor)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A risk factor measuring the sensitivity level of an entitlement (e.g., admin access, financial systems contribute more to the overall risk score).\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-factor-config\"\n }, \"Risk Factors Configuration\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Escalation\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The process of reassigning an incomplete review to a designated escalation reviewer when the primary reviewer fails to finish within the allotted time.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"8-multiple-reviwer-campaigns\"\n }, \"Multi-Reviewer Campaigns\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Exemption\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(SoD)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A formal exception recorded in the system that allows a user to retain conflicting entitlements, provided the SoD policy permits exceptions.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Expiration Extension\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A configurable option allowing reviewers to extend the deadline of a campaign by a defined maximum number of days.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"8-multiple-reviwer-campaigns\"\n }, \"Multi-Reviewer Campaigns\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Expiration Policy\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"Configuration that defines what happens to unreviewed access items when a campaign expires. Options include \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Do Nothing\"), \", \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Revoke All Access\"), \", and \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Revoke Only Already Revoked Access\"), \".\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\")), mdx(\"hr\", null), mdx(\"h2\", null, \"G\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Group\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Reviewer type)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A reviewer type where a defined group of users is collectively assigned the review tasks.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"hr\", null), mdx(\"h2\", null, \"H\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Hard Violation\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(SoD)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An SoD violation type that blocks the provisioning operation entirely, preventing the conflicting entitlement from being assigned.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"hr\", null), mdx(\"h2\", null, \"I\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Impact Level\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A classification (High, Medium, or Low) derived from a risk factor's weight, indicating how critical an access decision is if incorrectly granted.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-factor-config\"\n }, \"Risk Factors Configuration\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Indirect Violation\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(SoD)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An SoD violation where the user has effective access to a conflicting entitlement through inheritance (e.g., via a parent group or role hierarchy).\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"IsCertified\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A legacy access right type that previously determined whether a membership would be included in access reviews. Replaced by Membership Tags in version 4.2.2.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"4-membership-tags\"\n }, \"Membership Tags\")), mdx(\"hr\", null), mdx(\"h2\", null, \"M\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Manager of Access Review\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(UAR Manager)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The person overseeing a certification campaign. They have access to the dashboard, reports, and can delegate review requests.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"1-entitlmentcert\"\n }, \"Entitlement Based Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"3-certification-reporting\"\n }, \"Certification Reporting\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Membership Tag\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"Metadata attached to an access assignment that describes \", mdx(\"em\", {\n parentName: \"p\"\n }, \"how\"), \" a user obtained that access (e.g., admin assignment, business rule, self-service request). Used to filter entitlements in access reviews.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"4-membership-tags\"\n }, \"Membership Tags\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Membership Tags to Exclude\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A campaign configuration field allowing reviewers to filter out irrelevant types of access assignments from the review scope.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"4-membership-tags\"\n }, \"Membership Tags\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"1-entitlmentcert\"\n }, \"Entitlement Based Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Mitigating Control\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A compensating measure that reduces the risk of an SoD policy violation without removing the conflicting access. Documented for audit purposes and linked to SoD policies.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"10-mitigation-controls\"\n }, \"Mitigation Controls for SoD\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Multi-Reviewer Campaign\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A campaign configured with multiple reviewers who evaluate access sequentially. Each reviewer acts on items accepted by the previous reviewer.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"8-multiple-reviwer-campaigns\"\n }, \"Multi-Reviewer Campaigns\")), mdx(\"hr\", null), mdx(\"h2\", null, \"O\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Organization Certifier\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Reviewer type)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A reviewer type where the certifier assigned to a user's organization receives the review tasks.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"hr\", null), mdx(\"h2\", null, \"P\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Policy\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(SoD)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The top-level SoD object defining a conflict between entitlements. It specifies severity, segments, exceptions rules, and linked mitigating controls.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Policy Segment\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(SoD)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A subset within an SoD policy that specifies which exact roles, groups, resources, or organizations are in conflict with each other.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Provisioning\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The process of granting or revoking user access. SoD checks run during every provisioning operation.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-event-driven-cert\"\n }, \"Risk Event Driven Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"hr\", null), mdx(\"h2\", null, \"R\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Reference Start Date\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The anchor date used to calculate when the next automatic campaign execution should occur.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"1-entitlmentcert\"\n }, \"Entitlement Based Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Requested Access\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Membership tag)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A membership tag applied when access was granted as a result of a user request submitted through the SelfService portal.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"4-membership-tags\"\n }, \"Membership Tags\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Results Report\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A certification report generated automatically upon campaign completion, summarizing the final outcome. Sent to the UAR manager's email.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"3-certification-reporting\"\n }, \"Certification Reporting\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Reviewer\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A person or group responsible for evaluating and accepting or revoking user access during a certification campaign.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"8-multiple-reviwer-campaigns\"\n }, \"Multi-Reviewer Campaigns\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Revoke All Access\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Expiration policy)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An expiration policy option that revokes all access items in the campaign \\u2014 regardless of review status \\u2014 upon campaign expiration.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Revoke Only Already Revoked Access\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Expiration policy)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An expiration policy option that only finalizes previously revoked items upon expiration; unreviewed items are marked as accepted.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"7-expiration-policy\"\n }, \"Expiration Policy\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Risk Event\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A user profile change (title change, supervisor change, or department change) that triggers a risk event driven certification review.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-event-driven-cert\"\n }, \"Risk Event Driven Certification\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Risk Factors\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"Individual attributes or signals used to calculate the overall risk score of a user's access. Five factors are available: Entitlement Sensitivity, Entitlement Origin, Entitlement Lifetime, Approval Path, and UAR Awareness.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-factor-config\"\n }, \"Risk Factors Configuration\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Risk Score\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The overall risk assessment computed by combining the weighted values of all enabled risk factors for a user's entitlement set.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-factor-config\"\n }, \"Risk Factors Configuration\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"RISK_EVENT_TYPE\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An audit log attribute indicating which type of risk event (title change, supervisor change, or department change) triggered a log entry.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-event-driven-cert\"\n }, \"Risk Event Driven Certification\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"RISK_WAS_ADDRESSED\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An audit log attribute indicating whether a user's access has been reviewed since the risk event occurred (\", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"true\"), \" = reviewed, \", mdx(\"inlineCode\", {\n parentName: \"p\"\n }, \"false\"), \" = not yet reviewed).\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-event-driven-cert\"\n }, \"Risk Event Driven Certification\")), mdx(\"hr\", null), mdx(\"h2\", null, \"S\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Scheduled Interval\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The frequency at which a campaign is automatically launched: annually, semi-annually, or quarterly.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"1-entitlmentcert\"\n }, \"Entitlement Based Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Scope Report\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A certification report showing the initial state of a campaign: which users, which access, and which reviewers are included. Generated automatically when a campaign is initiated.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"3-certification-reporting\"\n }, \"Certification Reporting\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Segregation of Duties (SoD)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A security and compliance control that prevents any single user from holding a combination of conflicting access rights that could enable fraud or abuse of privilege.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"10-mitigation-controls\"\n }, \"Mitigation Controls for SoD\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Select Reviewer\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Reviewer type)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A reviewer type where a specific named user is chosen to perform the review.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"SelfService Portal\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The end-user portal where users can submit access requests and, when configured, review their own access.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"4-membership-tags\"\n }, \"Membership Tags\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Self-Review\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Reviewer type)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A reviewer type that allows the target user to review their own access via the SelfService portal.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Sequential Review\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A review process in multi-reviewer campaigns where reviewers act one after another, each evaluating only the access accepted by the previous reviewer.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"8-multiple-reviwer-campaigns\"\n }, \"Multi-Reviewer Campaigns\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Service Account Owner\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Reviewer type)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A reviewer type for related accounts, where the primary user acts as the reviewer.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"SoD Violation\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An instance where a user holds a combination of entitlements defined as conflicting by an SoD policy. Can be \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Soft\"), \" (allowed but recorded) or \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Hard\"), \" (provisioning blocked).\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"SOX / SOC 2 / ISO 27001\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"Regulatory and compliance standards that SoD policies help enforce by controlling conflicting access rights.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Soft Violation\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(SoD)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"An SoD violation type that allows the provisioning operation to proceed but records the conflict and notifies the responsible manager group.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Supervisor\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Reviewer type)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A reviewer type that routes the review to the user's direct supervisor. If no supervisor is assigned, the review goes to the Sysadmin account.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Supervisor Change\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Risk event)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A profile change that qualifies as a risk event and can trigger a risk event driven certification review.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-event-driven-cert\"\n }, \"Risk Event Driven Certification\")), mdx(\"hr\", null), mdx(\"h2\", null, \"T\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Title Change\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Risk event)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A profile change that qualifies as a risk event and can trigger a risk event driven certification review.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-event-driven-cert\"\n }, \"Risk Event Driven Certification\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Type of Certification\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A campaign field determining the scope of the review: \", mdx(\"em\", {\n parentName: \"p\"\n }, \"User\"), \" (all access for selected users) or \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Application\"), \" (specific applications and entitlements).\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"1-entitlmentcert\"\n }, \"Entitlement Based Certification\"), \" | \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"hr\", null), mdx(\"h2\", null, \"U\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"UAR\"), \" \\u2014 see \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Access Certification\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"UAR Manager\"), \" \\u2014 see \", mdx(\"em\", {\n parentName: \"p\"\n }, \"Manager of Access Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"UAR_AWARENESS\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Risk factor)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A risk factor tracking whether entitlements have been reviewed in recent User Access Reviews. Unreviewed entitlements carry higher risk.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-risk-factor-config\"\n }, \"Risk Factors Configuration\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"User Manager\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(Reviewer type)\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A reviewer type assigning the review to the supervisor of the user whose access is being reviewed.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"User Selection\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"Campaign configuration that determines which users are included in the review, for example by filtering on user type (contractor, service account, etc.).\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"User Type\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"A classification of users (e.g., contractors, service accounts, employees) used in User Selection to scope a campaign to a specific population.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"2-usercert\"\n }, \"User Based Review\")), mdx(\"hr\", null), mdx(\"h2\", null, \"V\"), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Violation\"), \" \", mdx(\"em\", {\n parentName: \"p\"\n }, \"(SoD)\"), \" \\u2014 see \", mdx(\"em\", {\n parentName: \"p\"\n }, \"SoD Violation\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Violation Detection\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The process of evaluating a user's full entitlement set against all active SoD policies to identify conflicts. Detection is triggered on every provisioning operation and when a policy is updated.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")), mdx(\"p\", null, mdx(\"strong\", {\n parentName: \"p\"\n }, \"Violation Remediation\"), mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"The process of resolving an SoD violation by either removing the conflicting access or granting a formal exemption.\", mdx(\"br\", {\n parentName: \"p\"\n }), \"\\n\", \"\\u2192 Read more in: \", mdx(\"a\", {\n parentName: \"p\",\n \"href\": \"9-segregation-of-duties\"\n }, \"SoD Policies\")));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#a","title":"A"},{"url":"#b","title":"B"},{"url":"#c","title":"C"},{"url":"#d","title":"D"},{"url":"#e","title":"E"},{"url":"#g","title":"G"},{"url":"#h","title":"H"},{"url":"#i","title":"I"},{"url":"#m","title":"M"},{"url":"#o","title":"O"},{"url":"#p","title":"P"},{"url":"#r","title":"R"},{"url":"#s","title":"S"},{"url":"#t","title":"T"},{"url":"#u","title":"U"},{"url":"#v","title":"V"}]},"parent":{"relativePath":"admin/7-access-cert/thesaurus.md"},"frontmatter":{"metaTitle":"Access Certification Thesaurus","metaDescription":"A glossary of key terms used across Access Certification topics, with links to relevant documentation."}},"allMdx":{"edges":[{"node":{"fields":{"slug":"/changelog","title":"Change log"}}},{"node":{"fields":{"slug":"/appendix","title":"Appendix"}}},{"node":{"fields":{"slug":"/connectorconfig","title":"IdM Connectors"}}},{"node":{"fields":{"slug":"/admin","title":"Administration guide"}}},{"node":{"fields":{"slug":"/developerguide","title":"Developer Guide"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice","title":"End user guide for SelfService portal"}}},{"node":{"fields":{"slug":"/getting-started","title":"Getting Started"}}},{"node":{"fields":{"slug":"/troubleshooting","title":"FAQ / Troubleshooting"}}},{"node":{"fields":{"slug":"/whatsnew","title":"What's new in OpenIAM"}}},{"node":{"fields":{"slug":"/ssocatalog","title":"SSO Catalog"}}},{"node":{"fields":{"slug":"/admin/0-login","title":"Logging in to the admin portal"}}},{"node":{"fields":{"slug":"/admin/1-exportimport","title":"Import / Export"}}},{"node":{"fields":{"slug":"/","title":"Welcome to the OpenIAM Documentation"}}},{"node":{"fields":{"slug":"/installation","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin","title":"User administration"}}},{"node":{"fields":{"slug":"/admin/12-administration","title":"Administration"}}},{"node":{"fields":{"slug":"/admin/10-consent-management","title":"Consent management"}}},{"node":{"fields":{"slug":"/admin/10-password","title":"Password policy"}}},{"node":{"fields":{"slug":"/admin/13-selfregistration","title":"Self-registration"}}},{"node":{"fields":{"slug":"/admin/15-audit","title":"Audit"}}},{"node":{"fields":{"slug":"/admin/14-Help.Desk.User.Profile.Protection","title":"HelpDesk profile protection"}}},{"node":{"fields":{"slug":"/admin/16-admin-pswd-change","title":"Password reset for administrator's account"}}},{"node":{"fields":{"slug":"/admin/18-services-passwd-change-k8","title":"Password update for OpenIAM services in Kubernetes"}}},{"node":{"fields":{"slug":"/admin/2-authentication","title":"Authentication"}}},{"node":{"fields":{"slug":"/admin/19-reports","title":"OpenIAM report services"}}},{"node":{"fields":{"slug":"/admin/21-graph-rebuild","title":"Rebuilding OpenIAM's in-memory authorization graph"}}},{"node":{"fields":{"slug":"/admin/3-authz","title":"Managing access"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/admin/20-virtual-tentant-by-org","title":"Enabling a virtual tenant by organization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov","title":"Requests / Approval"}}},{"node":{"fields":{"slug":"/admin/22-token-session-util","title":"Session management utility for RPM"}}},{"node":{"fields":{"slug":"/admin/7-access-cert","title":"User access review"}}},{"node":{"fields":{"slug":"/admin/8-sso","title":"Federation / SSO to applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle","title":"Automated provisioning"}}},{"node":{"fields":{"slug":"/changelog/13-Release-4.2.1.7","title":"Release 4.2.1.7"}}},{"node":{"fields":{"slug":"/changelog/14-Release-4.2.1.8","title":"Release 4.2.1.8"}}},{"node":{"fields":{"slug":"/changelog/12-Release-4.2.1.6","title":"Release 4.2.1.6"}}},{"node":{"fields":{"slug":"/changelog/11-Release-4.2.1.5","title":"Release 4.2.1.5"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy","title":"Access gateway"}}},{"node":{"fields":{"slug":"/changelog/16-Release-4.2.1.10","title":"Release 4.2.1.10"}}},{"node":{"fields":{"slug":"/changelog/15-Release-4.2.1.9","title":"Release 4.2.1.9"}}},{"node":{"fields":{"slug":"/changelog/17-Release-4.2.1.11","title":"Release 4.2.1.11"}}},{"node":{"fields":{"slug":"/changelog/18-Release-4.2.1.12","title":"Release 4.2.1.12"}}},{"node":{"fields":{"slug":"/changelog/19-Release-4.2.1.13","title":"Release 4.2.1.13"}}},{"node":{"fields":{"slug":"/changelog/20-Release-4.2.1.14","title":"Release 4.2.1.14"}}},{"node":{"fields":{"slug":"/changelog/22-v2026.1.1","title":"Changelog for v2026.1.1"}}},{"node":{"fields":{"slug":"/appendix/1-self-signedcert","title":"Generate Self-signed Cert"}}},{"node":{"fields":{"slug":"/appendix/2-openssl","title":"Install OpenSSL"}}},{"node":{"fields":{"slug":"/changelog/23-v2026.5.2","title":"Changelog for v2026.5.2"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.1.15","title":"Release 4.2.1.15"}}},{"node":{"fields":{"slug":"/appendix/3-installopenldap","title":"Install OpenLDAP on Ubuntu"}}},{"node":{"fields":{"slug":"/connectorconfig/2-configparam","title":"Connector parameters"}}},{"node":{"fields":{"slug":"/connectorconfig/4-troubleshootingconnector","title":"Provisioning operations troubleshooting"}}},{"node":{"fields":{"slug":"/connectorconfig/JDBC","title":"JDBC connector"}}},{"node":{"fields":{"slug":"/connectorconfig/LDAP","title":"LDAP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/SAPUME","title":"SAP UME connector"}}},{"node":{"fields":{"slug":"/connectorconfig/adp","title":"ADP connector"}}},{"node":{"fields":{"slug":"/appendix/4-prepforprod","title":"Prepare for Production"}}},{"node":{"fields":{"slug":"/connectorconfig/aerospike","title":"Aerospike connector"}}},{"node":{"fields":{"slug":"/connectorconfig/freeIPA","title":"FreeIPA connector"}}},{"node":{"fields":{"slug":"/connectorconfig/gsuite","title":"GSuite connector"}}},{"node":{"fields":{"slug":"/connectorconfig/linux","title":"Linux connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aws","title":"AWS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracle","title":"Oracle RDBMS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft","title":"Microsoft Application Connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/oracleebs","title":"Oracle EBS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/postgresql","title":"PostgreSQL connector"}}},{"node":{"fields":{"slug":"/admin/17-services-manual-passwd-change","title":"Manual password update for OpenIAM services in RPM"}}},{"node":{"fields":{"slug":"/connectorconfig/sap","title":"SAP S/4 Hana connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector","title":"Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/salesforce","title":"Salesforce.com connector"}}},{"node":{"fields":{"slug":"/connectorconfig/tableau","title":"Tableau connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scim","title":"SCIM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/workday","title":"Workday connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css","title":"Customizing branding"}}},{"node":{"fields":{"slug":"/developerguide/10-OpenIAM-opensource-rep","title":"OpenIAM open source repository"}}},{"node":{"fields":{"slug":"/developerguide/11-groovy-scripts","title":"Groovy Script Management"}}},{"node":{"fields":{"slug":"/developerguide/2-api","title":"RESTful API"}}},{"node":{"fields":{"slug":"/developerguide/3-whitelisting","title":"Whitelisting packages"}}},{"node":{"fields":{"slug":"/developerguide/6-ide","title":"Script development using an IDE"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel","title":"Data model"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization","title":"Synchronization Scripts"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/1-login","title":"Logging in to SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice","title":"Operations via SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest","title":"Request management"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/6-singlesignon","title":"Single sign-on"}}},{"node":{"fields":{"slug":"/developerguide/4-scheduledtasks","title":"Batch/Scheduled tasks"}}},{"node":{"fields":{"slug":"/getting-started/1-what_is_openiam","title":"What is OpenIAM?"}}},{"node":{"fields":{"slug":"/getting-started/2-productarchitecture","title":"Platform architecture"}}},{"node":{"fields":{"slug":"/getting-started/3-install_openiam","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess","title":"User access rights"}}},{"node":{"fields":{"slug":"/getting-started/21-concepts","title":"Concepts"}}},{"node":{"fields":{"slug":"/getting-started/5-connecting","title":"Connecting to an authoritative source"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce","title":"Discovery questions"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning","title":"Automated user provisioning"}}},{"node":{"fields":{"slug":"/getting-started/8-openiam-with-IdP","title":"Integrating OpenIAM with your IdP"}}},{"node":{"fields":{"slug":"/getting-started/99-multifactor-authentication","title":"Configuring multi-factor authentication"}}},{"node":{"fields":{"slug":"/getting-started/9-openiam-as-IdP","title":"Integrating OpenIAM as your IdP"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation","title":"Deploying to Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/7-selfservice-pswd","title":"SelfService password reset"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation","title":"Deploying on OpenShift"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation","title":"Deploying via RPM on Linux"}}},{"node":{"fields":{"slug":"/installation/8-sizing","title":"Sizing recommendations"}}},{"node":{"fields":{"slug":"/installation/9-data_migration","title":"OpenIAM data migration"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation","title":"Deploying via Docker"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous","title":"Miscellaneous related articles"}}},{"node":{"fields":{"slug":"/ssocatalog/AWS","title":"AWS SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Freshdesk","title":"Freshdesk SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Gsuite","title":"GSuite SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Azure","title":"Azure SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Salesforce","title":"Salesforce.com"}}},{"node":{"fields":{"slug":"/ssocatalog/okta","title":"Okta SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Office365","title":"Office365 SSO"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster","title":"Cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment","title":"Environment"}}},{"node":{"fields":{"slug":"/troubleshooting/docker","title":"Docker Swarm"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors","title":"Connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational","title":"Operational"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm","title":"RPM"}}},{"node":{"fields":{"slug":"/whatsnew/1-v420","title":"New in v4.2.0.0"}}},{"node":{"fields":{"slug":"/troubleshooting/v3_update","title":"Update from V3.X to V4.X"}}},{"node":{"fields":{"slug":"/whatsnew/10-v4218","title":"New in v4.2.1.8"}}},{"node":{"fields":{"slug":"/whatsnew/11-v4219","title":"New in v4.2.1.9"}}},{"node":{"fields":{"slug":"/whatsnew/14-v42112","title":"New in v4.2.1.12"}}},{"node":{"fields":{"slug":"/whatsnew/15-v42113","title":"New in v4.2.1.13"}}},{"node":{"fields":{"slug":"/whatsnew/16-v42115","title":"New in v4.2.1.15"}}},{"node":{"fields":{"slug":"/whatsnew/16-v422","title":"New in v4.2.2"}}},{"node":{"fields":{"slug":"/whatsnew/13-v42111","title":"New in v4.2.1.11"}}},{"node":{"fields":{"slug":"/whatsnew/17-v2026.1.1","title":"New in v2026.1.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.3.1","title":"New in v2026.3.1"}}},{"node":{"fields":{"slug":"/whatsnew/12-v42110","title":"New in v4.2.1.10"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.2.1","title":"New in v2026.2.1"}}},{"node":{"fields":{"slug":"/whatsnew/19-v2026.3.2","title":"New in v2026.3.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.3.3","title":"New in 2026.3.3"}}},{"node":{"fields":{"slug":"/whatsnew/21-v2026.4.2","title":"New in v2026.4.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.4.1","title":"New in v2026.4.1"}}},{"node":{"fields":{"slug":"/whatsnew/22-v2026.5.2","title":"New in v2026.5.2"}}},{"node":{"fields":{"slug":"/whatsnew/8-v4216","title":"New in v4.2.1.6"}}},{"node":{"fields":{"slug":"/whatsnew/9-v4217","title":"New in v4.2.1.7"}}},{"node":{"fields":{"slug":"/whatsnew/7-v4215","title":"New in v4.2.1.5"}}},{"node":{"fields":{"slug":"/connectorconfig/rexx","title":"Rexx connector"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/10-bulkoperations","title":"Bulk operations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/1-createuser","title":"Creating a user"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/11-bulkentitlements","title":"Bulk operations with entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/13-unlock-account","title":"Unlocking an account"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/14-add-remove-entitlements","title":"Adding/Removing entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/15-rehireuserflow","title":"Rehire user flow"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/12-externaldelegation","title":"Organization level delegation"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/16-user-conversion","title":"User conversion"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/17-newhireworkflow","title":"New hire workflow configuration"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/18-creating-new-dept-division","title":"Creating a new department or division"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/3-adminoperations","title":"Administrative actions on a User"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration","title":"Configuring page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/2-usertypes","title":"Custom user types"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/5-finduser","title":"User search"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/8-serviceaccounts","title":"Service accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/7-customfields","title":"Custom fields"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/9-orphanmanagement","title":"Orphan management"}}},{"node":{"fields":{"slug":"/admin/10-password/1-pswd-compromised","title":"Password breach detection"}}},{"node":{"fields":{"slug":"/admin/12-administration/3-squence-generator","title":"Sequence generators"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/6-relatedAccount","title":"Related accounts"}}},{"node":{"fields":{"slug":"/admin/12-administration/4-otpconfig","title":"Configure OTP Provider"}}},{"node":{"fields":{"slug":"/admin/12-administration/6-languages","title":"Managing languages"}}},{"node":{"fields":{"slug":"/admin/12-administration/5-links","title":"External links on login page"}}},{"node":{"fields":{"slug":"/admin/12-administration/7-reconciliationhistory","title":"Reconciliation history"}}},{"node":{"fields":{"slug":"/admin/12-administration/8-aboutopenIAM-page","title":"About OpenIAM Page"}}},{"node":{"fields":{"slug":"/admin/12-administration/9-reindex_elasticsearch","title":"Reindex Opensearch"}}},{"node":{"fields":{"slug":"/admin/15-audit/2-audit-log-export-connector","title":"Audit log export connector"}}},{"node":{"fields":{"slug":"/admin/12-administration/99-heartbeat","title":"Heartbeat links"}}},{"node":{"fields":{"slug":"/admin/2-authentication/1-auth-overview","title":"Configuring authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/11-credentialprovider","title":"Credential provider"}}},{"node":{"fields":{"slug":"/admin/2-authentication/10-fidologin","title":"FIDO-2 authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/13-criiptoauth","title":"Criipto authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-account-unlock","title":"Setting up account unlock"}}},{"node":{"fields":{"slug":"/admin/15-audit/1-audit-events-interpret","title":"Audit events interpretation"}}},{"node":{"fields":{"slug":"/admin/2-authentication/14-duo-auth","title":"Duo authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/15-modernauth","title":"Microsoft Modern authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-certificateauth","title":"Configuring certificate-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/16-external-multiselect-auth","title":"External/multiselect authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-auth-policy","title":"Authentication policy"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-delegatedauth","title":"Managed System authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/21-dashboards","title":"Monitoring dashboards"}}},{"node":{"fields":{"slug":"/admin/2-authentication/3-passwordauth","title":"Password-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/9-adaptiveauth","title":"Adaptive authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/1-overview","title":"Introduction to access control"}}},{"node":{"fields":{"slug":"/admin/2-authentication/7-otp","title":"OTP over SMS or E-mail"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus","title":"Menus"}}},{"node":{"fields":{"slug":"/admin/3-authz/10-accessright","title":"Access rights"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social","title":"Social authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/11-contentprovider","title":"Content provider"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups","title":"Managing groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/4-types","title":"Metadata types"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-conflict-groups","title":"Conflict Groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/5-resources","title":"Managing resources"}}},{"node":{"fields":{"slug":"/admin/3-authz/8-accesstossoapps","title":"Access to SSO applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/6-organization","title":"Managing organizations"}}},{"node":{"fields":{"slug":"/admin/3-authz/9-approvalflow","title":"Configuring approval workflows"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles","title":"Managing roles"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/1-Automated-applications","title":"Connected applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications","title":"Manual applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/10-managedsystemsimulation","title":"Managed system simulation mode"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config","title":"Configure Provisioning"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/12-LDAP-managedsys-config","title":"LDAP Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/2-incrementalsynch","title":"Incremental synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/3-recon","title":"Configure reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/6-managedsystem-config","title":"Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/4-birthright","title":"Birthright access"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/5-recon-groovy","title":"Groovy Scripts for Reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/8-importentitlements","title":"Import entitlements"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/9-importorganization","title":"Import Organizations"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/1-synch","title":"Configuring synchronization"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/1-application-category","title":"Application categories"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/2-approval-flow","title":"Approval flow"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/5-approve-by-email","title":"Approving requests via Email"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/3-manualTasks","title":"Manual tasks"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/4-post-request","title":"After request has been approved"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/7-questionnaire","title":"Questionnaire"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/1-entitlmentcert","title":"Entitlement based certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/11-campaign-dashboard","title":"Campaign dashboard"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-event-driven-cert","title":"Risk event driven certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/3-certification-reporting","title":"Certification reporting"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-factor-config","title":"Risk factors configuration"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/5-delete-campaign","title":"Deleting an access certification campaign"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/10-mitigation-controls","title":"Mitigation controls for SoD"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-membership-tags","title":"Membership tags"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/6-campaign-database","title":"Access certification campaigns as database objects"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/7-expiration-policy","title":"Expiration policy"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-usercert","title":"User based review"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/9-segregation-of-duties","title":"Segregation of Duties (SoD) policies"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/thesaurus","title":"Access Certification Thesaurus"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/8-multiple-reviwer-campaigns","title":"Multi-reviewer user access review campaigns"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2","title":"oAuth 2.0"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml","title":"Add SAML SP to OpenIAM"}}},{"node":{"fields":{"slug":"/admin/8-sso/3-oidc","title":"OpenID Connect"}}},{"node":{"fields":{"slug":"/admin/8-sso/5-auth_scopes","title":"OpenIAM oAuth scopes"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/2-headerinj","title":"Header Injection"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/3-urlrewriting","title":"URL Rewriting"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/6-example","title":"Examples"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/7-rProxy-loadbalancer","title":"Reverse Proxy with Load Balancer"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/8-kerberos","title":"Setting up Kerberos via rProxy"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/1-formfill","title":"Form Fill"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/9-directive-reference","title":"mod_openiam Directive Reference"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/1-powershellconnectorinstallation","title":"Installing PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal","title":"WinLocal OpenIAM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-WindowsPasswordFilter","title":"AD Password Filter"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/13-successfactors","title":"SuccessFactors connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-dynamics365FO","title":"Dynamics365 Finance&Operations connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/15-powershell-generic","title":"Building a custom PowerShell connector for OpenIAM"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management","title":"Mail management"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig","title":"System configuration"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/14-psgraph","title":"Microsoft Graph PowerShell connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/16-teams","title":"Microsoft Teams connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/2-powershellconnectorsusage","title":"Using PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/3-powershellconnectorupdate","title":"Updating PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/5-azuread","title":"Entra ID/O365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/6-exchange","title":"Exchange connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/7-azuredevops","title":"Azure DevOps connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/connector-request-template","title":"OpenIAM connector request template"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/9-sqlserver","title":"Microsoft SQL Server connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/8-dynamics365","title":"Dynamics365 connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/2-cssexamples","title":"CSS file examples"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/1-customcss","title":"Creating custom CSS"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/GroovyScriptConnector","title":"Configuring Groovy Script connector"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman","title":"Getting started with Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java","title":"Getting started with Java"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/1-provision-on-date","title":"Provision/Deprovision on date"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/2-access-certification-reminder","title":"Notification reminders for approvers"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python","title":"Getting started with Python"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/2-rbacmodel","title":"Access control model"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/1-usermodel","title":"User data model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/approver-association","title":"/webconsole - approver-association"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-right","title":"/webconsole - access-right"}}},{"node":{"fields":{"slug":"/developerguide/8-api/audit-log","title":"/webconsole - audit-log"}}},{"node":{"fields":{"slug":"/developerguide/8-api/authentication-grouping","title":"/webconsole - authentication-grouping"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-certification","title":"/webconsole - access-certification"}}},{"node":{"fields":{"slug":"/developerguide/8-api/batch","title":"/webconsole - batch"}}},{"node":{"fields":{"slug":"/developerguide/8-api/auth-provider","title":"/webconsole - auth-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/challenge-response","title":"/webconsole - challenge-response"}}},{"node":{"fields":{"slug":"/developerguide/8-api/connector","title":"/webconsole - connector"}}},{"node":{"fields":{"slug":"/developerguide/8-api/groovy-manager","title":"/webconsole - groovy-manager"}}},{"node":{"fields":{"slug":"/developerguide/8-api/content-provider","title":"/webconsole - content-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/email","title":"/webconsole - email"}}},{"node":{"fields":{"slug":"/developerguide/8-api/field","title":"/webconsole - field"}}},{"node":{"fields":{"slug":"/developerguide/8-api/group","title":"/webconsole - group"}}},{"node":{"fields":{"slug":"/developerguide/8-api/it-policy","title":"/webconsole - it-policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-oauth","title":"/idp - idp-oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/elastic-search","title":"/webconsole - elastic-search"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-rest","title":"/idp - idp-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/managed-system","title":"/webconsole - managed-system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/menu","title":"/webconsole - menu"}}},{"node":{"fields":{"slug":"/developerguide/8-api/metadata","title":"/webconsole - metadata"}}},{"node":{"fields":{"slug":"/developerguide/8-api/oauth","title":"/webconsole - oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization-type","title":"/webconsole - organization-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization","title":"/webconsole - organization"}}},{"node":{"fields":{"slug":"/developerguide/8-api/page-template","title":"/webconsole - page-template"}}},{"node":{"fields":{"slug":"/developerguide/8-api/property-value","title":"/webconsole - property-value"}}},{"node":{"fields":{"slug":"/developerguide/8-api/policy","title":"/webconsole - policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource-type","title":"/webconsole - resource-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/report","title":"/webconsole - report"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource","title":"/webconsole - resource"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-config","title":"/webconsole - sync-config"}}},{"node":{"fields":{"slug":"/developerguide/8-api/role","title":"/webconsole - role"}}},{"node":{"fields":{"slug":"/developerguide/8-api/system","title":"/webconsole - system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-rest","title":"/webconsole - sync-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/ui-theme","title":"/webconsole - ui-theme"}}},{"node":{"fields":{"slug":"/developerguide/8-api/uri-pattern","title":"/webconsole - uri-pattern"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov","title":"Automated provisioning Scripts"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import","title":"Import from application"}}},{"node":{"fields":{"slug":"/developerguide/8-api/user","title":"/webconsole - user"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/3-importing_groups","title":"Importing groups from application"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/4-relations-with-manager","title":"Populating a manager"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/1-forgotpassword","title":"Forgot password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/3-changepassword","title":"Updating your password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/2-updateprofile","title":"Updating user profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/4-outofoffice","title":"Out of office assistant"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/5-forgotusername","title":"Forgot username"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/6-updatesecquestions","title":"Updating security questions"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/10-positionchange","title":"Position change request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/1-servicecatalog","title":"Requesting access via catalog"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/11-accessprofiles","title":"Access profiles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/2-jobprofile","title":"Requesting access from profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/5-approverequest","title":"Approving requests"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/6-requestadministration","title":"Request administration"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/12-bulkupload","title":"Uploading users in bulk"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/7-requesthistory","title":"Requests history"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/8-newgroup","title":"Creating a group request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/9-newuser","title":"Creating a new user"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/1-viewmyaccess","title":"View my access"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/3-UAR-in-Self-Service","title":"User access review module in SelfService"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/1-designrole","title":"Designing business roles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/2-directreports","title":"View direct reports"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/2-openiam-access-role","title":"Designing access roles"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/3-connector-planning","title":"Connector requirements"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial","title":"Automated provisioning tutorial"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/1-jml","title":"Joiners, movers, leavers processes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect","title":"Deploying and registering connectors"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements","title":"Importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements","title":"Importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode","title":"Single VM Install"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/12-migrating-onpremises-to-cloud","title":"Migrating OpenIAM from on-premises installation to a cloud-based infrastructure"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/11-configuration-options","title":"Configuration options in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/10-ha-rpm","title":"High availability (HA) deployment using RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/2-rproxy","title":"r-Proxy installation in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/4-backup","title":"RPM backup / recovery"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports","title":"Deployment architecture in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-migrating-non-production-to-production-environment","title":"Migrating non-production to production environment in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB","title":"Installing OpenIAM with a remote database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/8-ssl","title":"Configuring HTTPS in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/9-rabbitssl","title":"Enable TLS for RabbitMQ in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/2-Configuration-options","title":"Configuration options in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading","title":"Upgrading OpenIAM in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/1-https","title":"Configuring HTTPS on Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading","title":"Upgrading OpenIAM in Docker environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/6-externalDB","title":"Installing OpenIAM with a remote database in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/5-docker-swarm-backup","title":"Backup / restore in Docker Swarm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/1-ssl","title":"Configuring HTTPS in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/11-common-scenario","title":"Installing OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/12-vault-migration-fromRPM-toK8","title":"Migration of Vault from RPM-based cluster to Kubernetes-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/10-backup-and-restoration","title":"Backup and restoration procedure in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/3-depl-without-terraform","title":"Deploying OpenIAM on Kubernetes using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/4-RabbitMQ-TLS","title":"RabbitMQ TLS directory in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/4-YAML-files","title":"Docker YAML files"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms","title":"Kubernetes Platforms"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/2-deployment-with-terraform","title":"Deploying OpenIAM with Terraform"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading","title":"Upgrading OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/7-useal-keys-restoration","title":"Backing up and restoring the vault unseal keys in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/1-create-cluster","title":"Creating an OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/9-remoteDB","title":"Installing OpenIAM with a remote database in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/2-connect-to-cluster","title":"Connect to OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/3-deploy-OpenIAM-helm","title":"Deploy OpenIAM to OpenShift cluster with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/4-some-descriptions-helm","title":"Memory requirements for OpenShift deployment with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/5-localhost-dev-cluster","title":"Localhost development cluster"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/6-deploy-from-windows","title":"Deploy OpenIAM to OpenShift cluster with Helm (from Windows)"}}},{"node":{"fields":{"slug":"/installation/8-sizing/1-small-k8","title":"Small Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/8-sizing/2-medium-k8","title":"Medium Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/02-hardening","title":"Securing your installation"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/8-AKS_with_ext_MSSQL","title":"Deploying OpenIAM on AKS (Kubernetes) with an external MSSQL database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/01-log4j","title":"Log4j Vulnerability"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/03-db-switch","title":"Change OpenIAM product database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/04-compatibility","title":"Compatibility matrix"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/05-postgres-install","title":"Installing PostgreSQL 15"}}},{"node":{"fields":{"slug":"/installation/9-data_migration/1-migrating_ES_Docker","title":"Verifying and migrating Elasticsearch data in Docker-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/99-miscellaneous/04-compatibility","title":"Compatibility Matrix"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/1-connectorlogs","title":"View container logs"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/3-uninstall","title":"Remove an OpenIAM Docker Install"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/2-containersrestart","title":"Containers Restarting"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/4-troubleshooting-steps","title":"Troubleshooting steps in a container-based cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/disableswap","title":"Disable swap"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/memoryutili","title":"Check memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/redismemory","title":"Redis memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/5-log-checking-guide","title":"Docker log checking guide"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-after-migration","title":"Access problem after migrating OpenIAM"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/activationlink","title":"Error when sending activation link"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/audit-doc-timestamp","title":"Audit document timestamp issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-forbidden","title":"Access Forbidden error"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/auth-manager","title":"Backend exception error when running authentication manager"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/JDBC-connection-pool","title":"Increasing the JDBC connection pool size"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/database-reset","title":"Database reset"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/elasticsearch-readonly-state","title":"Elasticsearch read-only state"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/flyway_version","title":"Flyway version issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/increasing-RAM","title":"Increasing memory for OpenIAM services"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/modifly_system_labels_and_messages","title":"Changing system labels and messages"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/lackof_disk_space","title":"Running out of disk space"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/debug-logs-CassandraJanusGraph","title":"Enabling and disabling debug logs for Cassandra and JanusGraph"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/overriding-app-properties","title":"Overriding UI application properties"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/my-application-page-selfservice","title":"Changing refresh time for My Applications page in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/pad-block-corrupted","title":"PAD Block Corrupted"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/remove-navigation-bar","title":"Removing menu items from top navigation bar"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/report-generation-issue","title":"Error during report generating in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/failed-dependencies","title":"Failed dependencies"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/run_flyway_repair_mode","title":"Run Flyway in repair mode"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/resetting_passwords","title":"Resetting passwords"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/trobleshooting_guide","title":"Troubleshooting guide for RPM"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors/sync-vs-async-source","title":"Synchronous vs. asynchronous synchronization source for connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/username_in_selfservice","title":"Username not shown in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/1-rabbitmq-reinit","title":"RabbitMQ cluster went out of order"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/unlocksysadmin","title":"Unlock sysadmin"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/2-rabbitmq-UI","title":"RabbitMQ is not reached from UI in RPM installations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/1-userpage","title":"Configuring user page templates"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/3-Rabbitmq-connection-timeout","title":"RabbitMQ connection timeout issue"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/4-customtemplates","title":"Custom form templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/2-customuserpage","title":"Creating more custom user edit pages"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/1-system","title":"System tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/3-UI","title":"UI tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/2-regex-validation","title":"Validation regular expressions"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/4-workflow","title":"Workflow tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/5-organization-tab","title":"Organization tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/6-password","title":"Password tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/7-authentication","title":"Authentication tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/8-auditeventstosyslog","title":"Exporting audit events to syslogs"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/1-emailtemplates","title":"Email templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/3-multilanguagemail","title":"Multilanguage emails"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/2-smtpconfig","title":"Mailbox Configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/9-health-checks","title":"Configuring health checks for managed systems"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/4-mail-via-azure","title":"Mailbox configuration via Azure application"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/5-alert-notifications","title":"Configuring alert notifications"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/6-email-template-variables","title":"Email template variables reference"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/1-googlesociallogin","title":"Google Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/2-facebooksociallogin","title":"Facebook Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/3-linkedinsociallogin","title":"LinkedIn Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/4-appleidsociallogin","title":"AppleID Social Login"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/2-adminaccess","title":"Admin access role"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/3-FAQ","title":"FAQs about menus and their use"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/1-enduseraccess","title":"End-user access roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/4-Config-Lhand-menu-SS-MyInfo","title":"Configurable left-hand menu in SelfService 'My Info' page"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/1-role-types","title":"Types of roles existing in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/2-createrole","title":"Create role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/3-findrole","title":"Finding an existing role"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups/1-create-group","title":"Creating a group"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications/1-reg-applications","title":"Register applications"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/5-importingroles","title":"Importing roles"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config/1-prepost-processor","title":"Pre/PostProcessor"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml/1-jit-provisioning","title":"Just-in-time Provisioning"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2/1-Auth-code-grand","title":"Authorization code grant type"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/2-winlocalv5","title":"Version 5"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/1-winlocalv4","title":"Version 4"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/1-createauthprovider","title":"Create OpenIAM Provider for Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/2-postmanconfig","title":"Create Postman collection"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/4-JWT-tokens","title":"Getting started with JWT tokens in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/3-add-request","title":"Define an API request in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/5-postman-links","title":"Postman API documentation links"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/6-example","title":"Client credentials flow with a defined scope in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/2-grantinguathz","title":"Granting authorization to the API with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/3-api-call-examples","title":"API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/5-object-oriented-impl-example","title":"Object oriented implementation for REST API in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/4-enabling-disabling-user","title":"Enabling/Disabling a user with API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/6-OTP-verification","title":"OTP Verification in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/1-createauthprovider","title":"Create OpenIAM oAuth provider in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/1-createauthprovider","title":"Create OpenIAM Provider"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/2-grantauthz","title":"Granting authorization to the API with Java"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov/1-newhires","title":"New hires"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/3-azuread","title":"Entra ID"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/6-importroles","title":"Import Roles"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/1-provisioningCSV","title":"Creating a synchronization configuration for the source"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/3-creating-searching-users","title":"Creating and searching a user with API call in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/4-calls-examples","title":"API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/2-policymap","title":"Policy map"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/5-enabling-disabling-users","title":"Enabling/Disabling a user with API calls examples in Java"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/4-birthright","title":"New hire"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/5-transfer","title":"Transfer"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/3-creatingrole","title":"Creating role"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/6-termination","title":"Terminations"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/2-rpm","title":"Connectors via RPM"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/3-docker","title":" Connectors via Docker"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/4-k8","title":" Connectors via Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/3-troubleshooting","title":"Troubleshooting"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/1-config-synch","title":"Configuring synchronization for importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/3-common-questions","title":"Common questions"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/1-rpm-with-internet","title":"Installation with Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/2-rpm-no-internet","title":"Installation without Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/3-nonroot-partition","title":"Installing OpenIAM on a non-root partition"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/1-one-node","title":"Single node deployment"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch","title":"Configuring synchronization for importing entitlements"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/2-three-node","title":"Three node cluster"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/1-databasemigration","title":"Database migration from version 3.X to 4.X"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-4-2","title":"Upgrading OpenIAM to v.2026.4.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/3-upgradingto-42111","title":"Upgrading from versions 4.2.1.9-4.2.1.10 to version 4.2.1.11 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/2-upgradingto-42110","title":"Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-migrating-index-data","title":"Migration of index data from older ElasticSearch versions to newer one"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-upgradingto-42112","title":"Upgrading from versions 4.2.1.x to version 4.2.1.12 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-infrastructure_upgrade","title":"Infrastructure upgrade"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-upgradingto-42115","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/6-infra-upgrade-42113","title":"Infrastructure upgrade in v4.2.1.13"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrade2026.5.2","title":"Upgrading notes for v.2026.5.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/7-upgradingto-422","title":"Upgrading OpenIAM from versions 4.2.1.x to 4.2.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-2-1","title":"Upgrading OpenIAM to v.2026.2.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-1","title":"Upgrading OpenIAM to v.2026.3.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-2","title":"Upgrading OpenIAM to v.2026.3.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/9-422-changes","title":"Known issues related to upgrading from 4.2.1.x to 2026.4.1 version"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/1-oracle","title":"Installing OpenIAM with a remote Oracle database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/2-postgres","title":"Installing OpenIAM with a remote Postgres database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/1-upgrade-4219","title":"Upgrade from version 4.2.1.5-4.2.1.8 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/3-MSSQL","title":"Installing OpenIAM with a remote MSSQL database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/2-upgrade-42110","title":"Upgrade from version 4.2.1.9 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/4-upgrade-42115","title":"Upgrade from version 4.2.1.x to version 4.2.1.15 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/3-upgrade-42113k8-rabbitmq","title":"Upgrading from version below 4.2.1.8 to version 4.2.1.13 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/4-upgrade-42115k8","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/3-upgrade-42111","title":"Upgrade from version 4.2.1.10 to version 4.2.1.11 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/5-upgrade-42112k8","title":"Upgrading from version 4.2.1.x to version 4.2.1.12 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/7-upg-notes20206.5.2","title":"Upgrading notes for v.2026.5.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/6-upgrade-422k8","title":"Upgrading from version 4.2.1.x to version 4.2.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/2-aws","title":"AWS Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/3-helm","title":"Private Kubernetes Cluster using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/4-azure","title":"Azure Kubernetes Guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/1-ldapvalidation","title":"Synchronization Validation Script"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/1-gce","title":"GCE Kubernetes guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/2-ldapsynchusers","title":"LDAP User Synchronization Script"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/3-ldapattributeslists","title":"LDAP Attribute list for User Synchronization"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/1-ADgroup-transformation","title":"Sample transformation script for AD groups"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/3-ADtransformation-usergroup","title":"Sample transformation script for AD users and group memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/2-csv-transformation","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/4-csv-users-entitlements","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.2","title":"Release 4.2.2"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/4-adpowershell","title":"Active Directory PowerShell connector"}}},{"node":{"fields":{"slug":"/appendix/5-message_en_file","title":"Message properties"}}}]}},"pageContext":{"id":"5fc0f7ee-81c2-55de-991d-eb7772b2d2a9"}}, "staticQueryHashes": ["2619113677","3706406642","417421954"]}