Certification Process
Memority offers several types of Certification:
Authorization Certification
To certify the association of an identities authorizations
Object Certification
To recertify any attributes or relationships between objects (Identity, Applications, etc.).
Role Assignment Certification
Memority can be used to define a set of properties to define the certification processes for identitie's authorizations:
Certification mode
Identity scope
Allows you to configure a set of rules to define the population eligible for certification
Role scope
Allows you to configure a set of rules to define the roles eligible for this certification.
Timeframe/Period
Configure the certification timeframe
Workflow
Define the validation process for this certification
All of Memority's workflow capabilities can be used to define the certification process.
These properties can be used to fine-tune several certification processes to suit customer requirements.
Examples:
For all roles from a "Sensitive" application and for all "Service Provider" identities, certification will be triggered 180 days after the role assignment date. The validation process will consist of 2 validation stages (Validation Manager, Validation Application Manager)
For all roles originating from a "Sensitive" application and for all "Internal" identities, certification will be triggered 360 days after the role assignment date. The validation process will consist of 1 validation step (Application Manager Validation)
For all roles originating from a "Critical" application and for all "VIP" identities, certification will be triggered automatically on the 1st day of each quarter. The validation process will consist of 2 validation steps (Beneficiary Validation, Manager Validation).
Certification status
Certified : The entitlement is certified (already certified during a previous review or because the entitlement has not yet reached the first certification date).
In progress: The authorization is in the process of being certified. A certification process has been initiated but not yet validated.
Not Certified: When validating a certification, it is possible to contextualize the refusal of a certification:
Refuse certification: Fill the certification status to Not Certified. This information can then be used by Memority to :
Request an authentication level when accessing this application
Remove authorization automatically 30 days after refusal
Immediately remove authorization: Refusal of certification automatically removes authorization for the identity.
Certification Mode
Memority offers several modes for certifying identity authorizations:
On the fly
On-the-fly certification makes the process of certifying an identity entitlement smoother and more efficient.
The certification process is triggered automatically on a daily job, according to the date on which the identity authorisation is granted.
Scheduled
Programmed certification allows you to trigger a certification campaign on a scheduled job.
It is possible to configure the execution of this programmed campaign:
Fixed
Interval (every 1st day of the month)
Manual
Manual certification is triggered directly from the Memority portal. It allows you to manually select the identities and roles to be certified. When the functionality is submitted, the certification processes are triggered.
Reporting
Memority offers a set of reports for viewing and tracking the progress of certification processes.
Unitary view
Directly from the identity cockpit and its dashboard role, you can view :
The current status of the identity's authorization certification
Certification history with reviewer information, certification date and comments
If a certification process is already in progress, information on the progress of the validation process
Role Dashboard cockpit certification view
Centralized view
Memority offers a default report that provides a centralized view of the certification status of all identities.
In this report, a set of filters is available to provide different views:
Campaign: For dedicated monitoring of scheduled or manually-triggered campaign launches
Identity: Provides a unified view of all certification statuses for a specific identity
Role: Provides a unified view of all certification statuses for all identities for a specific role
Global view
With a dedicated filtering to follows fine-tune
Object Certification
Memority allows you to define several properties that can be used to define object certification processes:
Certification mode
Object scope
Allows you to configure a set of rules to define the population eligible for certification.
Reference Attribute
Defines the date attribute used to define the certification process trigger criterion.
Workflow
Allows you to define the validation process for this certification
All Memority workflow capabilities can be used to define the certification process
Refusal action
Defines actions to be taken in the event of certification refusal
e.g. Deactivate identity, Change attribute, Delete reference, ...
These properties can be used to fine-tune several certification processes to suit customer requirements.
Examples:
For all service provider identities associated with a "Sensitive" service, certification will be triggered 90 days after the date on which the service is associated to the service provider. The validation process will consist of 2 validation stages (Manager Validation, Service Provider Manager Validation).
For all "VIP" identities, certification will be triggered automatically twice a year. The validation process will consist of one validation step (Security Manager Validation)
For all organizations attached to the "My-Company" parent and being "Sensitive", a certification will be carried out 180 days after the creation date.
For all business profiles giving "Sensitive" application access, a certification will be performed 90 days after the creation date.
Certification status
An object can have several certification statuses. In fact, it is possible for an identity to have several types of certification (certification linked to its organization, linked to its VIP status, ....).
These statuses are therefore specific to each certification process for which the object is eligible.
Certified : The object is certified (already certified in a previous review or because it has not yet reached the first certification date).
In progress: The object is in the process of being certified. A certification process has been triggered but has not yet been validated.
Not certified: The object is not certified. The action configured on the certification process is executed.
Certification Mode
Memority offers several object certification modes:
On the fly
On-the-fly certification makes the process of certifying objects smoother and more efficient
Certification processes are automatically triggered on a daily job, according to the reference date configured in the certification process
Scheduled
Programmed certification allows you to trigger a certification campaign on a scheduled job. This campaign can be configured to define the scope of objects eligible for this campaign (all internal identities with a VIP status).
Reporting
Memority offers a range of reports for viewing and tracking the progress of certification processes.
Unitary view
Directly from the identity cockpit, you can view :
Current object certification status
Certification history with reviewer information, certification date and comments
If a certification process is already in progess, information on the progress of the validation process.
Centralized view
Memority offers a default report for centralized viewing of object certification status.
In this report, a set of filters is available to provide different views:
Campaign: for dedicated monitoring of programmed or manually-triggered campaign launches
Object: provides a unified view of all certification statuses for this object