Adding Recertification Policies to Audits

In EmpowerID, an audit is a user-defined, logically named object for identifying or grouping recertification tasks and running the Recertification policies that generate those tasks. After creating an audit, you add Recertification policies to it to define what you want to audit. Then when the audit runs, it compiles those Recertification policies, creating the appropriate recertification tasks.

Prerequisites:

Before you can add a specific Recertification policy to an audit, both the audit and the policy must exist in EmpowerID. If they do not, please see Creating Recertification Policies and Creating Audits for more information.

To add Recertification policies to audits

  1. Log in to the EmpowerID Web application as an auditor or other person with the ability to configure audits.
  2. From the Navigation Sidebar, navigate to the Audit Configuration page by expanding For Auditors and clicking Audit Configuration.
  3. From the Audit Configuration page, click the Audits tab and search for the audit to which you want to add a Recertification policy.
  4. Click the Audit link.
  5. This opens the ViewOne page for the Audit. View One pages allow you to view information about an object in EmpowerID and manage it as needed.

  6. From the audit's View One page, expand the Recertification Policies accordion and click the Add New Recertification Policy (+) button in the Policy grid.
  7. In the Recertification Policy dialog that appears, type the name of the policy you want to add to the audit, and then click the tile for that policy.
  8. Optionally, type a number in the Ignore Any Certified Within Last X Days field. This is useful in situations where a previous audit was closed before all recertification tasks generated by it were completed. In this way, managers will only be given recertification tasks for any direct reports who have were not certified in the last audit.
  9. This setting does not completely exclude previously audited direct reports; it only excludes those access assignments that were re-certified within the specified day range. Thus, if a direct report gains access to a new resource, such as becoming the member of a new group, the audit will generate a Recertification task for that new membership.
  10. Click Save to add the Recertification policy to the audit.
  11. You should see the policy added to the Recertification Policies grid.

  12. Optionally, you can keep the audit from creating recertification tasks for certain access assignments that would normally be generated by the Recertification policy.
    • To Add Exclusions to the Policy
      1. From the Recertification Policy grid, click the Exclusions button for the Recertification policy.

      2. This opens a view for the selected Audit Recertification policy. The view has two grids: an Exclude These Entitlements grid and an Exclude These Entitlement Types grid. These grids allow you to exclude entitlements granted to specific actors—such as an individual person or group—as well as an entitlement type, like belonging to a role or group that has no bearing for the audit.

      3. To exclude a specific entitlement, click the Add (+) button in the Exclude These Entitlements grid, select the appropriate actor type from the Type drop-down and then search for and select the specific actor.

      4. To exclude an entitlement type, click the Add (+) button in the Exclude These Entitlement Types grid, select the type from the Type drop-down and then click Save.

    Once you have completed added your Recertification policies to the audit, the next step is to generate the recertification tasks associated with the policies. You do this by compiling the audit. This is demonstrated in the Compiling Audits topic.