Introduction

You can create group entitlement certification campaign to certify group application accesses.

Steps to guide you with example

1. Create campaign
2. View campaign
3. Edit campaign
4. Pause and resume campaign
5. Cancel campaign

1. Create campaign

Navigate to Applications -> Access certification -> Create campaign

• General setup
  Specify campaign name, optionally add description, select Group entitlement campaign type, and priority.

  

• Scope
  Select applications to review accesses in this campaign. All groups that are entitled to the selected applications will be included. To filter this campaign's scope to limited no. of groups, use Include only option to select specific groups, or use Except for option to select all entitled groups except for specified groups. If groups are added in Include only section. Then, Except for configuration will be ignored.

  • Scope applications

    

  • Scope groups

    

• Reviewer settings
  Select reviewer to certify accesses for groups. There are 2 options to select reviewer.

  • Application owner: a review notification will be send to the owner of each application in the campaign.

    

  • Specify reviewer: search an user and add single reviewer for all groups in the campaign.

    

You can choose to log reviewer's decisions to know about each group's entitlement. There will no change in groups' entitlements. Otherwise, you can choose when reviewer's decisions should take effect.

• When the campaign ends: Rejection will trigger revocation of entitlement and deprovision of account according to the lifecycle policy for application once campaign will end.

• Immediately: Rejection will trigger an immediate revocation of entitlement and deprovision of account according to the lifecycle policy for application.

• Let the reviewer decide: Reviewer can decide to revoke entitlement immediately or when campaign will end.

• Campaign supervisor settings
  If you wish to add other users to help you to track the progress of campaign. Then, you can add one or more users as supervisor of the campaign. They can track the progress of the campaign along with you.

  

• Schedule
  You can either start campaign immediately or select a start date and time along with a frequency to re-run the campaign. Duration of the campaign should be between 1 to 365 days for reviewer to certify accesses.

  • Schedule immediately

    

  • Schedule later on

    

• Reminder and campaign end
  If you wish to set reminder for reviewers. Then, you can specify the number of days to send daily reminders to reviewer before campaign ends. You can define the action for unreviewed entitlements after the campaign ends.

  • Take no action: There will be no change in the entitlements.

  • Approve all: All entitlements will be approved automatically.

  • Reject all: All entitlements will be rejected automatically.

    

2. View campaign

You can select a campaign to view its configuration details and progress.

• Campaign results by reviewer

  

• Campaign results by entitlement

  

3. Edit campaign

You can edit description and priority of the campaign.

4. Pause and resume campaign

You can pause the campaign.

Once campaign is paused. Then, reviewers will no longer see campaign to certify the entitlements.

You can also resume the campaign.

Once campaing is resumed. Then, reviewers will start seeing campaign again to certify the entitlements.

5. Cancel campaign

You can cancel the campaign.

Once campaign is cancelled. It will be no longer available for review.

💎

Aakash Prajapati, IBM Security