IAM (Identity and Access Management) access reviews are an important part of ensuring that your organization’s security measures are up to date and effective.

These reviews help identify any potential security vulnerabilities or areas of non-compliance, enabling you to make necessary changes before they become a risk.

By identifying any potential issues and vulnerabilities in your system, you can take the necessary steps to address them and ensure that your organization remains secure.

IDHub Access Reviews are called Certifications, and can be created and managed by IDHub System Administrators, who can define the parameters for each Certification.

System Admins can perform the following actions while using the Certification tool:

• Create new Certifications
• Modify existing Certifications
• Run Certifications in real-time
• Schedule Certifications to run on a later date and time
• Create Certification Campaigns that run continuously on a scheduler
• Archive Certifications that are no longer in use
• Assign Certification tasks to appropriate users, job titles, or managers

Certification Tasks

When a new Certification is created by an admin, a certifier is selected during configuration. The certifier is the user that will receive the task to review access.

IDHub is flexible, allowing admins to choose exactly who they want to perform the access review.

• A Named User
• A Role or Job Title
• The Beneficiary's Manager
• The Resource Owner

What can the certifier do?

Each task will indicate exactly what the certifier needs to review.

In this example, we can see the certifier received 3 tasks

• Certify Access to Docusign
• Certify Access to Docusign Admins
• Certify Access to Docusign Standard Users

Within the task, certifiers can perform the following actions:

• Certify Access
• Revoke Access
• Escalate the task if they are unsure on how to proceed

What happens after the task is completed?

Certification Workflows determine what happens before and after the certifier completes the task.

Workflows can accommodate any process needed for access reviews. For instance, sending notifications to the appropriate users, generating additional tasks to specific users, or any flow, at any time in the review process.

A few examples:

• Before any tasks to review access are sent to certifiers, a safe-guard task is initiated and sent to the user in charge of deciding if the audit can take place.
• If the user has been certified, they keep their access and nothing changes.
• If a revocation is initiated, IDHub immediately deprovisions access to that resource, for that user.
• A notification is sent to managers, informing them that access was certified or revoked to a user on their team.

Any flow needed for your organization can be accommodated with IDHub Workflows

IDHub Certifications can be configured to automatically trigger an audit, based on certain predetermined events.

Out of the box Certification triggers include:

• User department changes
• User status changes (active to disabled or LOA)
• User job title change
• User location change

Like most features of IDHub, Certification triggers can be configured to do exactly what you need, as they are based off IDHub Workflows and Automations.

IDHub allows for custom no-code workflows, using all events, triggers, attributes, and processes, as parameters for your access review needs.

IDHub makes it easy to fine-tune specific data sets when configuring Certifications.

The advanced filtering allows admins to choose what and who to certify, by targeting user attributes or custom queries.

Admins can quickly set-up granular data sets to audit specific users of an application or permission.

Compliance requirements can be stringent, and maintaining the precise schedule for audits can be tricky.

Some security policies require certifications to be completed on an annual, quarterly, monthly, or even weekly basis.

IDHub certifications can be configured to automatically initiate on a predetermined schedule. If the schedule changes, admins can easily modify the certification scheduler with a few simple clicks.

IDHub Certifications can be created to audit a user, or a group of users, as well as a resource, or a group of resources.

In the images below, you can see the two types of Certification Tasks

• Certifying all user access to the resource Xero
• Certifying the user Steve Clark's access