User Access Review

The user access certification means configuring and executing periodic user access checks. These checks should be an integral part of a larger strategy to improve security and ensure that users have only the required level of access. These reviews are also important for supporting regulatory requirements such as SOC-2 audits.

To implement user access certification, you will need to address the following:

Collect evidence of accessCollecting evidence of the access users have by using the connector and data synchronization tools to import data from the application, which OpenIAM needs to conduct certification.
Configure the certificationThe certification configuration process requires defining the scope of the review and the reviewer workflow. Use the rows below to configure the certification based on its type.
* User based certification - Reviews all the access that users have. During the configuration, you will be able to determine which users should be included into the certification
* Application + entitlements - Reviews a specific set of entitlements in an application or a group of applications. These are sometimes referred to as Micro-certifications.
Execute the certificationThis step allows starting the certification process and the reviewer will be notified on the ability to start the user access certification
Reports for AuditorsAfter the certification has been completed, the UAR manager will need to obtain reports from OpenIAM to attach those into audit documentation. This process can be found in sections, dedicated to reporting

Note: Every run of a User Access Certification creates a new review campaign. Every campaign generates new set of data, being unique for the configurations chosen for a particular campaign. Hence, in the User Access Certification dashboard tab there might exist several campaigns with different data.

Note: To avoid the case of Access Rights were not selected against the roles or groups assigned to the users while creating access certification, make sure to select access rights user when assigning a user to a role. Access certification works if access rights are selected to the role or group for the users, which are certified. You can do that in SelfService when creating a request, as shown below.

Selecting access in SelfService