Entitlement based certification
If the data from the applications that need to be part of the review are already imported, then the UAR is ready to be configured. To configure an entitlement-focused certification, follow the steps below.
- Log in to webconsole and go to Access control > Access certification.
- Click on New Access Certification from the side menu and it will render the screen below.
Complete the form opened using the information from the table below.
| Field name | Required? | Description |
|---|---|---|
| Access Certification name | Y | Provide a descriptive name to uniquely identify your campaign. |
| Type of certification | Y | Determines if this is a user or application + entitlement-based review. In this case, select Application. |
| Status | Y | Indicates if the campaign is active or not. If the status is Inactive, then you will not be able to execute it. |
| Scheduled interval | N | Allows you to automatically run the campaign at regular intervals such as annually, semi-annually, and quarterly. |
| Reference start date | N | If the campaign is to be run at regular intervals, then the reference start date is used to determine the date of the next run. |
| Email template | N | Email template that should be used for notifications. |
| Description | N | Summary describing the goals of this campaign. |
| Manager of access review | N | Manager of access review, or the UAR manager, is a person who will be overseeing the execution of the campaign. This person will have access to the UAR campaign dashboard and reports, as well as the ability to delegate requests. The UAR manager is different from a reviewer in a campaign. |
Click Next after completing the form as shown in the example below. This will save the UAR configuration and open up additional tabs to complete the review.
Defining applications participating in the review
- Click Next and you will be moved to the next tab, which will allow you to select applications to be reviewed.
- From the Managed Systems dropdown, start selecting the applications as shown in the example below. You can select more than one application.
Defining entitlements for each application
- Clicking Next will shift you to the next tab for selecting the entitlements.
- Using the two radio buttons shown below, select whether you want all entitlements in all the selected applications to be reviewed or only specific ones. By default, all the entitlements will be reviewed.
To review a specific set of entitlements, select the Select entitlements from applications option. This will update the UI so you can select entitlements in each of your applications.
- Expand each application by clicking the + sign preceding the application name.
- Filter the list of entitlements using a combination of:
- Name. Searches using the name field with a "starts with" algorithm. Over time, OpenIAM will filter the result.
- Risk.
- Metadata type. Provides filtering based on the entitlement type.
As you select the entitlements needed for your review, double-click on them. These entitlements will be moved to another table, shown below, to indicate that they have been selected for the review.
