Now Hiring: Are you a driven and motivated 1st Line IT Support Engineer?

User Access Reviews

I finished my last review and it did not save, why?

Each page during the review process has a Next button to transition to the next user to be reviewed. This Next has a “next and save” functionality. On the last reviewer, there will be no next button. Be sure to Save the last review as changes will not be saved automatically upon closing out.

Are updates automatically changed within my applications?

Unless you have opted for our LCM module which pushed changes directly into Active Directory, all updates must be made on your end within the application. After updates are acted on within application, make sure to Sync the application to verify the changes.

Can users self-certify?

No; however, delegations can be made for specific individuals being reviewed. For example: If any application owner is reviewing the application and his own data is housed in the review, it best practice to have someone else review his access rights. He can delegate his credential review to someone else using the delegations tab. Here one can assign the reviewer (potentially themselves) they wish to delegate along with a delegatee email representing the person to conduct the review in their place.

If I terminate a user during a review, will those entitlements/credential be revoked and included with the ticketing process?

Yes. If a manager marks a user as Terminated during the review, the credential and any entitlements will be marked as revoked and included with the ticketing file that is generated and emailed to the address designated within the application ticketing configuration. One thing to remember, this file is an end of campaign file and will not be generated until the campaign is closed. So, if you have a month-long campaign going on, the action to revoke access for terminated users will not go to your help desk (who ever actions the tickets) until after the campaign is completed. Of course, the manager always has the option to proactively send an internal request to remove the terminated users access within the respective application before the campaign completes. But that is a process outside of the SecurEnds tool and would not impact anything.

Powered by BetterDocs