Phases of Certification

Below are the phases of certification life cycle. (Some of these phases are optional)

1. Generation Phase: This phase includes configuring certification parameters on the Basic, Lifecycle, Notifications, Behavior and Advanced page from the UI. The combination of these parameter values decides which phases would the certification go through.It is in this phase that parameters like Certification owner,certification frequency, notification scenarios and other similar parameters are defined.

2. Active Phase:

§  It is during the Active phase that the certifiers are required to take their decisions(approve\revoke).

§  Delegations and reassignments,if any, needs to be completed during this phase.

§  The Active period duration is mentioned on the Lifecycle page.

3. Challenge Phase:

§  The Challenge Phase starts when the Active Period Duration is over.

§  Challenge phase is a phase in which a user whose access is being affected by a reviewers decision can challenge the decision.

§  It is enabled only if the “Enable Challenge Period” option was selected from the Lifecycle page.

4. Sign-Off Phase:

§  The Sign Off phase starts at the end of Challenge phase.

§  Once the Sign Off button is clicked , no further changes to Access Reviews can be made by reviewers.

Depending upon the parameters selected in the generation phase,next phase can be either Revocation phase or end phase.

5. Remediation\Revocation Phase:

§  In this phase remediation action(e.g. revocation of access rights) is performed on the source application using the provisioning mechanism(manually or automatically)

§  Remediation generally consists of sending email messages,creating work items for resource owners to take action.

§  When a Revocation Period is enabled, IdentityIQ monitors the status of remediation requests; when it is not enabled, remediation requests are submitted for processing but are not tracked.

6. End Phase:

§  The Access Review reaches its End Phase when all Phases configured for it have passed their end date or when all actions required for the process (as configured) are complete.

§  If a Certification does not have a Challenge or Revocation Periods enabled, clicking Sign Off initiates the End Phase.

§  If a Revocation Period enabled, End Phase will start only once all remediation requests have been completed or when the Revocation Period’s end date passes.