Role

Add a Workflow 

1. Go to Workflow > Add Workflow.

   

2. On the add workflow screen, enter the following details:

   

   • Workflow Name: Enter a Workflow Name.

   • Workflow Type: Choose Workflow Flow Type as Access Certification. 

   • Workflow For: Choose Role from the drop-down.

3. Click ADD.

4. The Configuration screen appears by default.

   

5. Select the following checkboxes:

   • Allow Terminate User in Campaign Review: Check the box to enable the user's termination in a campaign review.

   • Allow Multi-select User option in Campaign Review: Select this box to select multiple users for a campaign. Check boxes against each user will be displayed in the review list. If you uncheck this box, check boxes against each user will be disabled.

   • Display Role End Date: Select the box to display the role end date in a campaign review.

   • Immediate Fulfillment Certification: Select this option if you want the fulfilment immediately after completing the campaign.

   • Delayed Fulfillment Certification: Select this option to postpone fulfilment certifying a User/Role/Application/entitlement during a campaign.

   • The number of users to be listed in the review email: Enter the number of users listed in the email notification to a reviewer.

   • Schedule Workflow: Select this check box to schedule a campaign periodically, that is, weekly, monthly, etc., with the date and time set.

   • Automatic fulfilment:  Select this option if you want the system to act on the fulfilment process when access is revoked automatically.

   • Perform Suspend operation: Select this option to suspend access when access is revoked.

   • Perform Delete operation: Select this option to delete access when access is revoked.

6. Click Save.

Add a Target 

1. Click Target > Add Target.

   

2.  Review all roles: Select the box to review all roles.

3. Role search can be done in three ways:

   • Role Name: You can search for roles by specifying the role name.

   • Role Description: You can search by providing a description of the role.

   • Role Source: This means you can search for roles based on the system or application from which they originate or are managed.

4. Choose the conditions against it. The name will be available by adding a role attribute with the condition 'Equals to, not Equals to, starts with, ends with, Contains', and a text field for the Attribute value and click Search.

5. Choose a role from the results.

   

6. Click Add.

Add a Reviewer

1. Click Reviewers. The reviewer's screen appears. 

   
   
   

2. Enter the name of the Reviewer and the Approver Type.

   1. Approver type as Manager: Select the approver type from the drop-down menu. Once selected, the approver will receive the mail containing a list of users for whom the campaign should be done. The manager can log in to the end user portal, check the review task, and take action to either retain or revoke the user's access. 

      • Step Duration: Configure the number of days after which the automatic option of Retain or Revoke will be taken.

      • Action to be taken when step duration exceeds: Enter the action to be taken when the step duration exceeds the number of days. Either Auto-Retain or Revoke.

   2. Approver type as Role: Select the approver type from the drop-down menu and enter the role. The approver will receive a mail that contains the list of users for whom the campaign should be done.  Users who are part of the role can log in to the end user portal, check the review task, and can take action either can retain or revoke users’ access. 

      • Role: Search for the role.

        
        
        

      • Required Approval from All: This option can be enabled if you want all the users present in the selected role must take action to either Retain/ Revoke the configured Target. 

      • Step Duration: Configure the number of days after which the automatic option of Retain or Revoke will be taken. 

      • Action to be taken when step duration exceeds: Enter the action to be taken when the step duration exceeds the number of days. Either Auto-Retain or Revoke.

        
        

        c. Approver type as User: Select the approver type from the drop-down menu and provide the username. The approver will receive the mail containing a list of users for whom the campaign should be done. The user mentioned in the approver tab can log in to the end user portal, check the review task, and take action to either  retain or revoke the user's access. 

      • Required Approval from all: This option can be enabled to add multiple reviewers. In this call, all the users selected must take an action of either Retain/ Revoke the configured Target. 

      • Step Duration: Configure the number of days after which the automatic option of Retain or Revoke will be taken. 

      • Action to be taken when step duration exceeds: Enter the action to be taken when the step duration exceeds the number of days. Either Auto-Retain or Revoke.

      3. Click Add.

Review Campaign

1. Here all the campaign details will be captured, including Campaign ID, Start Time, End Time, and Status of the campaign. 

   

2. Campaigns that are completed have the View Details button where you can view the complete details of a campaign and download the report.