Group entitlement
Introduction
You can create group entitlement certification campaign to certify group application accesses.
Steps to guide you with example
- Create campaign
- View campaign
- Edit campaign
- Pause and resume campaign
- Cancel campaign
1. Create campaign
Navigate to Applications
-> Access certification
-> Create campaign
-
General setup
Specify campaign name, optionally add description, selectGroup entitlement
campaign type, and priority. -
Scope
Select applications to review accesses in this campaign. All groups that are entitled to the selected applications will be included. To filter this campaign's scope to limited no. of groups, useInclude only
option to select specific groups, or useExcept for
option to select all entitled groups except for specified groups. If groups are added inInclude only
section. Then,Except for
configuration will be ignored.-
Scope applications
-
Scope groups
-
-
Reviewer settings
Select reviewer to certify accesses for groups. There are 2 options to select reviewer.-
Application owner: a review notification will be send to the owner of each application in the campaign.
-
Specify reviewer: search an user and add single reviewer for all groups in the campaign.
-
You can choose to log reviewer's decisions to know about each group's entitlement. There will no change in groups' entitlements. Otherwise, you can choose when reviewer's decisions should take effect.
-
When the campaign ends: Rejection will trigger revocation of entitlement and deprovision of account according to the lifecycle policy for application once campaign will end.
-
Immediately: Rejection will trigger an immediate revocation of entitlement and deprovision of account according to the lifecycle policy for application.
-
Let the reviewer decide: Reviewer can decide to revoke entitlement immediately or when campaign will end.
-
Campaign supervisor settings
If you wish to add other users to help you to track the progress of campaign. Then, you can add one or more users as supervisor of the campaign. They can track the progress of the campaign along with you. -
Schedule
You can either start campaign immediately or select a start date and time along with a frequency to re-run the campaign. Duration of the campaign should be between 1 to 365 days for reviewer to certify accesses.-
Schedule immediately
-
Schedule later on
-
-
Reminder and campaign end
If you wish to set reminder for reviewers. Then, you can specify the number of days to send daily reminders to reviewer before campaign ends. You can define the action for unreviewed entitlements after the campaign ends.-
Take no action: There will be no change in the entitlements.
-
Approve all: All entitlements will be approved automatically.
-
Reject all: All entitlements will be rejected automatically.
-
2. View campaign
You can select a campaign to view its configuration details and progress.
-
Campaign results by reviewer
-
Campaign results by entitlement
3. Edit campaign
You can edit description and priority of the campaign.
4. Pause and resume campaign
You can pause the campaign.
Once campaign is paused. Then, reviewers will no longer see campaign to certify the entitlements.
You can also resume the campaign.
Once campaing is resumed. Then, reviewers will start seeing campaign again to certify the entitlements.
5. Cancel campaign
You can cancel the campaign.
Once campaign is cancelled. It will be no longer available for review.
Aakash Prajapati, IBM Security
Updated 9 months ago