IDHub provides Access Review in two categories:
IDHub Access Certification is the process of reviewing the permissions or entitlements on a periodic basis that users have to ensure they do not have unnecessary access i.e. they have the access they are not authorized to have or no longer need.
IDHub provides Access Review in two categories:
- User-based Certifications
- Resource-based Certifications
User-Based Certifications
If an organization need to review access or a certain user group or individuals, IDHub provides User Access reviews via Certifications
You can:
- Customize User-based conditions to review a user based adhering to your condition
- Assign Certifiers that evaluate the need to keep/ remove access to an application from the user base
- Customize auto-revocations on Access Review completion for Revoked applications and entitlements for a user/ group
Resource-Based Certifications
If an organization needs to review an application/ role present in the organization and review accounts present in the resource, it is availed through Resource-based Access Reviews.
Certification Life Cycle Tools
Below is the summarised view of Certification feature of IDHub
Certification Defnitions
Every administrators are provided with a wizard for defining the content for access certification.
Definition Approvals
Before a certification definition is run, it goes through an approval process for security purposes.
Certifier Groups
Only specific groups (and its members) within IDHub are allowed to perform certification tasks
Tasks Management
Certifiers receive time-based certification tasks that they complete as part of Access Review
Auto-Revocations
Once identified that an access is no longer neccessary, revocation process helps in removing access for the user(s)
Schedulers
Certification tasks can be auto-scheduled too. Our scheduler run in real time to create tasks based on definition
Durations
Certifier Tasks are time based. While creating definition, duration is added based on review priority
Trigger Settings
Certification definitions can also be triggered based on certain conditions like Role change, Application creation etc.
Withdrawals
Certification tasks can be withdrawn by the person who ran the certification job in case of user errors
Manage Certifications
IDHub certification definitions once created can be managed as well by the administrators.
You can:
- Modify existing Certification definitions
- Run Definition in real-time
- Schedule definition to run at a later date and time
- Archive an old Certification definition that is no longer in use
- and more…