Entitlement based review

If you have already imported data from the applications that need to be a part of your review, then you are ready to configure the UAR. To configure an entitlement focused review, follow the steps below.

  • From the Webconsole to go to Access control -> Access certification.
  • Click on "New Access Certification" from the side menu which will render the screen below.

New certification configuration

Complete this form using the information described below.

Field nameRequired?Description
Access Certification nameYProvide a descriptive name to uniquely identify your campaign.
Type of certificationYDetermines if this is a user or application + entitlement based review. In this case, select Application
StatusYIndicates if the campaign is active or not. If the status is In-active, then you will not be able to execute it.
Scheduled intervalNAllows you to automatically run the campaign at regular intervals such as Annually, Semi-annually and quarterly
Reference start dateNIf the campaign is to be run at regular intervals, then the reference start date is used to determine when the next iteration should be.
Email templateNEmail template which should be used for notifications.
DescriptionNSummary which describes the goals of this campaign.
Manager of access reviewNManager of access review or the UAR manager is a person who will be overseeing the execution of the campaign. This will person will have access to the UAR campaign dashboard, reports as well as the ability to delegate requests. The UAR manager is different from a manager who is participating as a reviewer in a campaign.

Click on Next after completing the form as shown in the example below. This will save the UAR configuration and open up additional tabs to complete the review.

New certification configuration

Define applications which will participate in the review

Click on Next and you will be moved to the next tab which will allow to you select that applications which must be in the review. From the Managed Systems dropdown, start to select the applications as show in the example below. You can select more than one application.

New certification configuration

Define entitlements for each application

Click on Next and you will be moved to the next tab where you can select the entitlements.

First, select if you will be reviewing all entitlements in all the selected applications using the two radio buttons shown below. By default all entitlements will be reviewed.

New certification configuration

To review a specific set of entitlements, select the Select entitlements from applications option. This will update the UI so the you can select entitlements in each of your applications.

New certification configuration

Expand each application by click on the + sign preceding the application name. Next filter the list of entitlements using a combination of:

  • Name - Searches using the name field use a "start with" algorithm. As you time, OpenIAM will start to filter the result.
  • Risk
  • Metadata type - Provides filtering based on the entitlement type

As you then entitlements that you are needed for your review, double click on them. These entitlements will be moved to another table, shown below, to indicate that they have been selected for the review.

New certification configuration