Campaigns can be customized further using Delegations. There are two types of delegations: People Delegations and Credential Delegations. Each delegation has a different function and resulting use case.
Delegation settings can be found in the “Delegation” tab under Access Review on the left hand menu.
Initiating a People Delegation
Clicking “Delegation” will open up the delegation menu where People Delegation is the default in the top left drop down box. The names listed above are all the previous People Delegations. To add new People Delegations, select “Add” in the green box at the top.
Select the Reviewer Email whose review will be delegated to another. Next select the delegatee’s email who will be conducting the review on the reviewers behalf. In this example: Harrison’s pending access reviews will be done by Jack.
Functionality: People Delegation
- People Delegation will affect all current and future campaigns
- It is NOT campaign specific
- Upon delegation, both parties will see the same campaign. No access is revoked from the original reviewer
- A “Red Exclamation” icon will appear next to a campaign that has been delegated
Use Case:
The owner of a review is out of office. The deadline for reviews to be completed will end before the reviewer returns to office. SecurEnds admin will delegate the OOO reviewer’s review to a trustworthy source to complete on their behalf.
Initiating a Credential Delegation
Navigate back to “Delegation” on the left hand side menu. Click the drop down to “Credential Delegation”.
Note: Credential Delegation is application specific. Select the desired application.
In the example above, Active Directory is selected:
- The user, Nyjah’s, email was searched for using the “Search Email”.
- The corresponding credential “Nhuston” appears and is selected
- “Tony.hawk” is selected as Reviewer
- Select Save to confirm delegation
- Delegation will now appear in list order below
Functionality: Credential Delegation
- Credential Delegation allows an individual to review the selected user’s access every time the application is selected in a campaign
- Credential Delegations will overarch all other forms of delegation / workflow (example: manager in System of Record or application custodian or entitlement owner)
Use Case:
An administrator is responsible for reviewing the access of their application. Said administrator has been assigned the Application Custodian for this application within SecurEnds.
Conducting an Application Custodian review in SecurEnds will assign all reviews to the selected custodian; however the custodian cannot review their own access. Here, the SecurEnds admin has made the credential delegation for the Application Custodian’s access to be reviewed by a separate, qualified individual.
