HRVD Uni Iam Techoversight July2014

SailPoint Course Material for Access
Certification
Copyright © Asha24. All the contents of this material for

education purpose only. Sailpoint is not the publisher of these
material and is not responsible for it in any aspect.
Course Agenda And Schedule
Topic Facilitator Time

 Certification Process
 Current vs. New Process
 Types of Certifications
 Process Flows for –

 XXX  10 Minutes
 People Manager Certifications
 Business Application Owner (BAO)

Certifications
 Notifications & Escalations
 Certification in SailPoint IdentityIQ
 Delegation of Certifications
 Sign off of Reports by BAO  XXX  60 Minutes
 Q&A Discussions
 Hands on Exercise #1
Copyright © Asha24. All the contents of this material for education purpose only. Sailpoint is not the publisher of these material and is not responsible for it in any aspect.
Certification Process

User Access Certifications using AAM SailPoint Solution
Current Process: User Access Certifications at Company A
New Process: User Access Certifications using AAM SailPoint Solution
Types of Certifications in SailPoint IdentityIQ
These are three (3) types of Certifications configured in IdentityIQ.
 People Manager and BAO Certifications are discussed in detail in next slides.
People Manager Certification in IdentityIQ & Process Flow
People Manager Certification Process Flow:
 SailPoint IdentityIQ creates certifications to review access for the users

 People Managers perform certifications for their direct reports
 People Managers access SailPoint IdentityIQ and approve or revoke users’ access on a IdentityIQ’
s web-based interface
 SailPoint IdentityIQ stores the certification results and takes further action e.g.. de-provisions users’
roles if marked as revoke in the certification

BAO Certifications in IdentityIQ & Process Flow
 BAO performs a certification in IdentityIQ for users whose People Managers have a title of above 2nd level
VP
 Also, BAO’s reviews the completed People Manager Certification report & signs-off on the report in
IdentityIQ

User Access Certifications - Notifications & Escalations
Access Certifications Notifications

Receiver Description Type Days
Certifier Certification Notification email Notification 0 Day
Certifier Certification incomplete after First Reminder 15 Days

15 days of start date Notification
Certifier Certification incomplete after Second Reminder 20 Days
20 days of start date Notification
Access Certifications Escalations

Receiver Description Type Days
Certifier’s Manager Certification incomplete after 1st Escalation 25 Days
25 days of start date
Corporate AAM Office / Certification incomplete after Final escalation 30 Days
AAM Lead 30 days of start date

Certification in SailPoint IdentityIQ

Steps to complete a Certification in IdentityIQ
Step 1: Email Notification

• You will receive an email from AAM_Support@Company A.com with certification details
• Follow the link to begin your certification
• Click the “AAM SailPoint Help” link for more information

Step 2: IdentityIQ Dashboard

• Access IdentityIQ. The 1st page displayed is the IdentityIQ ‘Dashboard’
• Click on the Certification in the ‘Inbox’ to begin the certification process
Step 3: Access Review Details Page

• A pop up will be displayed with Details on the Access Review. Click ‘Ok’ to continue to the access review.
Step 3 Continued: Access Review Details Page
• Access of each user will be displayed.
• Click on each user’s access review line item to complete certification
Step 4: Make Decisions

• Choose a certification action for the users
Step 4 Continued: Make Decisions

• Choose a certification action (approve/revoke) for each user’s role
• Click ‘Save Changes’ to continue to the next user
Click ‘Save Changes’ after

making each decision


• If there is a segregation of duties (SOD) by a user, the violated SOD will be displayed for the user within the
certification.
Step 2: Select ‘Allow Exception’

or ‘Revoke’ Step 1: Click on user to display SOD violation
information
• The details of the violated SOD Policy description are displayed to the certifier

Step 5: Sign off Certification

• Once certification decision is saved for each user, click ‘Sign off’ to submit certification
• Note: Sign Off is only available when the user roles have been certified and decisions have been saved i.e.
Percent Complete is 100%
Summary: Steps to complete a Certification in IdentityIQ
Certification Delegations

Assigning a Sub-Certifier in Certifications
 Certifications items may be delegated by the certifier to a sub-certifier in IdentityIQ

 Sub-certifiers can be chosen inside the certification view for each of the roles for direct report(s)
Steps to assign a sub-certifier:

1. Open certification in IdentityIQ, select one or more users for delegation. Click on “Delegate” option for each
user’s line item
Step 1: Click on ‘Delegate’ button for

the user’s certification line item
Assigning a Sub-certifier in Certifications
2. After selecting ‘Delegate’, select the recipient of the delegated item from the drop-down list of users & click
on ‘Delegate’
Step 2: Search & select sub-

certifier
3. After selecting the sub-certifiers, select ‘Save Changes’
Step 3: Click ‘Save Changes’

Certifying Work Item by a Sub-certifier
The assigned Sub-certifier will receive a ‘Certification Work Item’ in SailPoint IdentityIQ. This work item can be
accessed in the “Dashboard->Inbox”
Step 1: Select
certification work item
from Dashboard-Inbox
Certifying Work Item by a Sub-certifier
The sub-certifier can certify the delegated certification work item i.e. approve or reject, add comments & save.
Step 2: Add comments
Step 1: Select
‘Approve’ or ‘Revoke’
Step 3: Click ‘Save’
Step 4: Click
‘Complete’ or ‘Reject’
Certification / Report Sign Off

Sign-Off after Certification
After the certifier or sub-certifier has completed the certification items, the People Manager/BAO must sign off
on the certification in IdentityIQ
Steps to sign off on the certification:

1. Open the certification containing the certification work items from Dashboard->Inbox
2. Click on ‘Sign off’ (only available when certification items are 100% complete)

Steps to Sign off Reports for BAO
SailPoint IdentityIQ will generate a ‘User Access Report’ for the BAO. The BAO can review and sign off on this
report.
Step 1: Click on report for ‘Sign off’

under ‘Manage-Work Items’

BAO can open the user access report from the work item.

BAO can review the user’s roles in the application in the user access report.
Step 3: Review user access in

report

After reviewing the user access report, the BAO can take action on the report i.e. Sign off

Questions and answers

Thank you


HRVD Uni Iam Techoversight July2014

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

HRVD Uni Iam Techoversight July2014

Transféré par

Droits d'auteur :

Formats disponibles

SailPoint Course Material for Access

Copyright © Asha24. All the contents of this material for

Topic Facilitator Time

 Current vs. New Process

 Process Flows for –

 Business Application Owner (BAO)

 Notifications & Escalations

 Certification in SailPoint IdentityIQ

 Sign off of Reports by BAO  XXX  60 Minutes

Copyright © Asha24. All the contents of this material for

Current Process: User Access Certifications at Company A

New Process: User Access Certifications using AAM SailPoint Solution

People Manager Certification Process Flow:

 SailPoint IdentityIQ creates certifications to review access for the users

Copyright © Asha24. All the contents of this material for

Copyright © Asha24. All the contents of this material for

Access Certifications Notifications

Certifier Certification incomplete after First Reminder 15 Days

Access Certifications Escalations

Copyright © Asha24. All the contents of this material for

Copyright © Asha24. All the contents of this material for

Steps to complete a Certification in IdentityIQ

Step 1: Email Notification

Copyright © Asha24. All the contents of this material for

Step 2: IdentityIQ Dashboard

Step 3: Access Review Details Page

Step 4: Make Decisions

Step 4 Continued: Make Decisions

Click ‘Save Changes’ after

Copyright © Asha24. All the contents of this material for

Step 4 Continued: Make Decisions

Step 2: Select ‘Allow Exception’

Copyright © Asha24. All the contents of this material for

Step 5: Sign off Certification

Copyright © Asha24. All the contents of this material for

 Certifications items may be delegated by the certifier to a sub-certifier in IdentityIQ

Steps to assign a sub-certifier:

Step 1: Click on ‘Delegate’ button for

Step 2: Search & select sub-

3. After selecting the sub-certifiers, select ‘Save Changes’

Step 3: Click ‘Save Changes’

Step 2: Add comments

Step 3: Click ‘Save’

Copyright © Asha24. All the contents of this material for

Steps to sign off on the certification:

Copyright © Asha24. All the contents of this material for

Step 1: Click on report for ‘Sign off’

Copyright © Asha24. All the contents of this material for

Copyright © Asha24. All the contents of this material for

Step 3: Review user access in

Copyright © Asha24. All the contents of this material for

Copyright © Asha24. All the contents of this material for

Copyright © Asha24. All the contents of this material for

Copyright © Asha24. All the contents of this material for

Vous aimerez peut-être aussi