User Access Reviews
Ensure ongoing compliance and security by regularly assessing and validating user access rights, permissions, and roles with Identity Governance User Access Reviews. Schedule reviews on a timely basis to ensure you are ahead of audits.
.png)
Access Review
IAM (Identity and Access Management) user access reviews are an important part of ensuring that your organization’s security measures are up to date and effective.
These reviews help identify any potential security vulnerabilities or areas of non-compliance, enabling you to make necessary changes before they become a risk.
By identifying any potential issues and vulnerabilities in your system, you can take the necessary steps to address them and ensure that your organization remains secure.
Access Reviews / Certifications
Certifications in Sath Hub
Sath Hub offers a comprehensive access review solution across all your applications and identities. Reviews are not on a specific time now but rather reviews are now on every change. Be on top of your applications and perform real time reviews.
How to setup certification
IDHub user access reviews are called Access Certifications, and can be created and managed by IDHub System Administrators, who can define the parameters for each Certification. System admins can perform the following actions while using the Certification tool:
Create new access certifications
Launch new certification campaigns to review user access across applications, roles, or entitlements. Define scope, reviewers, timelines, and escalation rules to ensure structured compliance validation.
Modify Existing Certifications
Easily update scope, reviewers, deadlines, or policies within active certification campaigns. Maintain flexibility while ensuring audit continuity and governance accuracy.
Run IAM Certifications in Real-Time
Initiate on-demand certification reviews whenever immediate validation is required. Ideal for audits, regulatory checks, or high-risk access investigations.
Schedule Certifications for Later
Plan certification campaigns to run at a specified date and time. Automate future compliance reviews without manual intervention.
Continuous Certification Campaigns
Create recurring campaigns that automatically run based on a defined schedule. Ensures ongoing access governance and reduces compliance gaps.
Assign Certification Tasks
Automatically route certification reviews to appropriate managers, role owners, or designated reviewers. Ensures accountability and accurate access validation at every level.
User Access Reviews vs Resource Access Reviews
IDHub user access certifications can be created to audit a user, or a group of users, as well as a resource, or a group of resources.
In the images below, you can see the two types of Certification Tasks
- Certifying all user access to the resource Xero
- Certifying the user Steve Clark's access
.webp)
Out of the Box Access Reviews
IDHub Access Certifications can be configured to auto trigger an audit, based on certain predetermined events. Out of the box Certification triggers include:
- User Department Changes
Automatically trigger certification reviews when a user moves to a different department. Ensures access remains aligned with new business responsibilities and prevents over-provisioning.
- User Status Changes (Active to Disabled or LOA)
Initiate immediate access review when a user becomes inactive, disabled, or goes on leave of absence. Prevents orphaned accounts and reduces security risks from unused active access.
- User Job Title Change
Launch targeted certifications when a user’s designation or role changes. Validates that access rights match updated responsibilities and removes excess privileges
- User Location Change
Trigger access review when a user relocates to a different office, region, or country. Ensures compliance with location-based policies, regulatory requirements, and data residency rules.
- Custom Queries
IDHub makes it easy to fine-tune specific data sets when configuring Certifications. The advanced filtering allows admins to choose what and who to certify, by targeting user attributes or custom queries. Admins can quickly set-up granular data sets to audit specific users of an application or permission.
Access Review Process
Select a Certifier
Select a Certifier When a new Access Certification is created by an admin, a certifier is selected during configuration. It can be an individual group, manager or owners.
Triggers
Trigger Each access review task is triggered either on a schedule, or a pre-defined trigger on event like job change, department change or can be done manually by a certification administrator.
Review Tasks
Review Tasks Each access review task will indicate exactly what the certifier needs to review. They can approve access to be kept as-is or chose to perform an action.
Certify & Revoke Access
Certify & Revoke Access Within the task, certifiers can perform the following actions: Certify Access, Revoke Access, Escalate the task if they are unsure on how to proceed.
Compliance Audit
Compliance audits and requirements can be stringent, and maintaining the precise schedule for them can be tricky.
Some security policies require access reviews to be completed on an annual, quarterly, monthly, or even weekly basis.
IDHub access certifications can be configured to automatically initiate on a predetermined schedule. If the schedule changes, admins can easily modify the certification scheduler with a few simple clicks.
Approval Workflow
Access certification approval workflows determine what happens before and after the certifier completes the task.
IAM approval workflows can accommodate any process needed for access reviews. For instance, sending notifications to the appropriate users, generating additional tasks to specific users, or any flow, at any time in the review process.
A few examples:
- Before any tasks to review access are sent to certifiers, a safe-guard task is initiated and sent to the user in charge of deciding if the audit can take place.
- If the user has been certified, they keep their access and nothing changes.
- If a revocation is initiated, IDHub immediately deprovisions access to that resource, for that user.
- A notification is sent to managers, informing them that access was certified or revoked to a user on their team.
Any flow needed for your organization can be accommodated with IDHub Workflows.
Cyber Security Tools
