Introduction

You can create account certification campaign to certify accounts based on their compliance status.

Steps to guide you with example

  1. Create campaign
  2. View campaign
  3. Edit campaign
  4. Pause and resume campaign
  5. Cancel campaign

1. Create campaign

Navigate to Applications -> Access certification -> Create campaign

  • General setup
    Specify campaign name, optionally add description, select Account campaign type, and priority.

    3434
  • Scope
    Select applications to review user accounts in this campaign. All users and groups that are entitled to the selected applications will be included. To filter this campaign's scope to a subset of users and groups, use Include only option to select specific users or groups, or use Except for option to select all entitled users and groups except for specified users or groups. If users or groups are added in Include only section. Then, Except for configuration will be ignored. All accounts in the selected applications will be included. You can select compliance status of accounts to limit the scope the campaign. By default, all accounts will be included in this campaign.

    - Scope applications
    
        [block:image]
    

    {
    "images": [
    {
    "image": [
    "https://files.readme.io/6d9873c-scope_applications.png",
    "6d9873c-scope_applications.png",
    3434,
    1968,
    "#000000",
    null,
    "64f9cd121db3d900273912c7"
    ]
    }
    ]
    }
    [/block]

    - Scope users
    
        [block:image]
    

    {
    "images": [
    {
    "image": [
    "https://files.readme.io/058adf3-scope_users.png",
    "058adf3-scope_users.png",
    3436,
    1966,
    "#000000",
    null,
    "64f9cd15d89c4808c41d56de"
    ]
    }
    ]
    }
    [/block]

    - Scope accounts
    
        [block:image]
    

    {
    "images": [
    {
    "image": [
    "https://files.readme.io/e65106d-scope_accounts.png",
    "e65106d-scope_accounts.png",
    3436,
    1966,
    "#000000",
    null,
    "64f9cd176611bb0074bc1669"
    ]
    }
    ]
    }
    [/block]

  • Reviewer settings
    Select reviewer to certify accesses for users. There are 2 options to select reviewer.

    - **User manager or application owner**: Accounts with a known user are reviewed by the user's manager. Accounts without a known user or with a user who doesn't have a manager listed are reviewed by the application owner.
    
        [block:image]
    

    {
    "images": [
    {
    "image": [
    "https://files.readme.io/8d94f6d-user_manager_application_owner_reviewer.png",
    "8d94f6d-user_manager_application_owner_reviewer.png",
    3432,
    1968,
    "#000000",
    null,
    "64f9cd18d14a4a0f93bc6928"
    ]
    }
    ]
    }
    [/block]

    - **Specify reviewer**: search an user and add single reviewer for all accounts in the campaign.
    
        [block:image]
    

    {
    "images": [
    {
    "image": [
    "https://files.readme.io/6c78dbf-custom_reviewer.png",
    "6c78dbf-custom_reviewer.png",
    3434,
    1966,
    "#000000",
    null,
    "64f9cd195a8c3000155b1799"
    ]
    }
    ]
    }
    [/block]

    You can choose to log reviewer's decisions to know about each account. There will no change in account status. Otherwise, you can choose when reviewer's decisions should take effect.
    
    - **When the campaign ends**: Rejection will trigger deprovision of account according to the lifecycle policy for application once campaign will end.
    
    - **Immediately**: Rejection will trigger an immediate deprovision of account according to the lifecycle policy for application.
    
    - **Let the reviewer decide**: Reviewer can decide to deprovision account immediately or when campaign will end.
    
  • Campaign supervisor settings
    If you wish to add other users to help you to track the progress of campaign. Then, you can add one or more users as supervisor of the campaign. They can track the progress of the campaign along with you.

    3438
  • Schedule
    You can either start campaign immediately or select a start date and time along with a frequency to re-run the campaign. Duration of the campaign should be between 1 to 365 days for reviewer to certify accesses.

    - Schedule immediately
    
        [block:image]
    

    {
    "images": [
    {
    "image": [
    "https://files.readme.io/4a1a3a7-schedule_immediately.png",
    "4a1a3a7-schedule_immediately.png",
    3440,
    1968,
    "#000000",
    null,
    "64f9cd1edcc2cb000f48b90d"
    ]
    }
    ]
    }
    [/block]

    - Schedule later on
    
        [block:image]
    

    {
    "images": [
    {
    "image": [
    "https://files.readme.io/6b04fd6-schedule_later_on.png",
    "6b04fd6-schedule_later_on.png",
    3436,
    1968,
    "#000000",
    null,
    "64f9cd1f9203c500195af267"
    ]
    }
    ]
    }
    [/block]

  • Reminder and campaign end
    If you wish to set reminder for reviewers. Then, you can specify the number of days to send daily reminders to reviewer before campaign ends. You can define the action for unreviewed accounts after the campaign ends.

    - **Take no action**: There will be no change in the accounts.
    
    - **Approve all**: All accounts will be approved automatically.
    
    - **Reject all**: All accounts will be rejected automatically.
    
    [block:image]
    

    {
    "images": [
    {
    "image": [
    "https://files.readme.io/f6a57f9-reminder_campaign_end.png",
    "f6a57f9-reminder_campaign_end.png",
    3436,
    1970,
    "#000000",
    null,
    "64f9cd2006308d091630c234"
    ]
    }
    ]
    }
    [/block]

2. View campaign

You can select a campaign to view its configuration details and progress.

3434
  • Campaign results by reviewer

    2122
  • Campaign results by account

    2112

3. Edit campaign

You can edit description and priority of the campaign.

3434

4. Pause and resume campaign

You can pause the campaign.

3442

Once campaign is paused. Then, reviewers will no longer see campaign to certify the accounts.

3442

You can also resume the campaign.

3438

Once campaing is resumed. Then, reviewers will start seeing campaign again to certify the accounts.

3440

5. Cancel campaign

You can cancel the campaign.

3434

Once campaign is cancelled. It will be no longer available for review.

3440

πŸ’Ž

Aakash Prajapati, IBM Security