This article continues the reviewer’s journey toward completing Access Reviews within SecurEnds. If you have not seen the previous article on “how to log in as a reviewer”, please see here
Conducting an Access Review
After logging in, you will be taken to the following screen to conduct reviews (Image 1). Select the “Open Campaigns” box to view the campaigns.
You can see the list of campaigns that have been assigned to you (Image 2). Select “Begin Review” to be taken to the review screen for a particular campaign.
Once you begin a campaign, there are five relevant pieces of information (Image 3):
- The Green Box at the top
- This box will provide additional instructions for the campaign. This verbiage was provided by your SecurEnds company admin.
- The User’s Names
- Under the “Direct Report Access Review” column, all the “users” that are assigned to the reviewer are listed.
- The “Review” button next to the user is to be clicked to review the credentials and any entitlements associated with the individual user.
- Review All
- The “Review All” button on the top right can be used to review the credentials and any entitlements of all the users together. This is a good option to reduce the number of clicks.
- The drop-down will present 2 options.
- Update Manager Comments – Optional comments can be entered for the user by the reviewer.
- Termination Date – If a termination date is known for the user, enter that date and click Save. The pending elections will be recorded as revoked and the UI will update to 0 elections pending for that user.
- NOTE: The date entered for termination must be a past date and cannot be today’s date.
- The drop-down will present 2 options.
How to Conduct Access Review:
- Credential: How the person is identified in the application. It could be a Username for an Application, Email, Employee ID, etc.
- Entitlement: All encompassing title for what is accessed. It could mean an app available in Single Sign-On, permission, privilege, role, group, etc.
- Description: Adds more detail to what accessing an entitlement entails (if needed)
- Notes: Adds additional information on the reasoning for revoking a credential or entitlement. It is used when access is questionable or unknown and additional follow-up is needed. Notes are kept for audit purposes and sent to the application owner after a review for follow-up and additional decision making
Reviewing Process Workflow:
• If the user should have access to Application but not the entitlements listed, Approve the credential but revoke the individual entitlements.
• It is best practice to add a Note for any revoked credential or entitlement
Individual user review screen:
Upon clicking “Review” next to a user, the following screen appears (Image 4):
In the top box, you will see Campaign Name, Reviewer (you), Person under review, Email of the person, and their status within the System of Record. The system of Record is the main source of information for all the users in the organization. This status could be Active or Inactive meaning they no longer have access to the core system of record, implying they have been terminated.
Under “Application”, you will see the applications to which the user has access.
Under “Description”, you will see any meaningful description associated with the entitlement if provided by the application owner.
Under “Status”, you will see the status of the user’s credential. In this instance it is active.
Under “Action”, is where you can make elections for the review. You can Approve or Revoke or click the Justification icon to the right of Revoke to leave a note (see note window below).
NOTE: If you revoke a credential, all entitlements will be toggled to Revoke as well.
Review All screen:
Once you have made your elections, then you are ready for the next user to review. The buttons at the top of the previous screenshot “Approve All, Revoke All, Clear All, Save, Next and Back” do just that. You can quickly approve or revoke access with approve/revoke all.
NOTE: “Next” functions as a next and save. It will save your elections and pull up the next user to be reviewed. Upon reaching the last review, no Next button will appear, but be sure to “Save”!
Upon clicking Back, a pop-up will show the remaining number of entitlements that need to be reviewed:
You are complete with the review once you have all ZEROs within the pending column of all users assigned to you. You will get a popup screen after completing all the reviews, as shown below: