Certification process
The certification process can vary depending on the method chosen, but generally proceeds as follows:
Bravura Security Fabric product administrator configures and starts the certification process using the Manage certification process (CERT) module.
Bravura Security Fabric notifies reviewers that they need to review user privileges.
If the OrgChart method is used, Bravura Security Fabric sends email to the lowest-level managers first. After a configurable delay, to give these managers a chance to finish their work, Bravura Security Fabric sends email to the next level of managers. This continues in a bottom up sequence until all managers have been invited.
Reviewers log into Bravura Security Fabric and click a link to start their review process.
Reviewers can choose to review accounts or groups by user or by resource.
Depending on the type and scope of the review, the reviewer can identify and flag for removal:
Subordinates who no longer work for the organization
OrgChart managers can also transfer users who no longer report to them to other managers.
Accounts which are no longer needed
Inappropriate group memberships
Segregation of Duties rule violations
Inappropriate roles
The reviewer is asked to sign, with a validated network or directory password, a statement to the effect that the certification is complete.
Bravura Security Fabric bundles the changes identified in Step 4 into access change requests to be processed by the product’s workflow engine, where they can optionally be subjected to an authorization process before they are fulfilled.
When the OrgChart method is used, Bravura Security Fabric collects certifications up through the organization’s hierarchy. Manager A’s certification is not considered to be complete, and cannot be signed off, until all of the managers (B, C, …) that report to A, directly or indirectly, have completed their own certifications.
In the case of a quick or ad hoc certification, the process is simpler:
An end user (userX) logs into Bravura Security Fabric and clicks View and update profile , then selects another user (userY).
Bravura Security Fabric applies a two-participant user class to evaluate whether userX is permitted to certify userY.
If permitted, then the Initiate a review of all entitlements option is available for userX to initiate a certification of user Y. If not permitted, the option is not available.
The access certification feature works with the following web modules and services.
Program | Purpose |
|---|---|
Manage certification process (CERT) module | Allows product administrators to configure and start access certification campaigns. |
View and update profile (IDR) module | Allows reviewers to review current access and request changes. Self-service users can also request a review of a single user. |
Requests application | Enables users to view the status of their requests. Allows authorizers to review and either approve or deny requests. |
Workflow Manager Service | Receives requests for authorization workflow. In most cases, user provisioning requests made through self-service require approval before they can be completed. |
For screenshots and step-by-step details of certification procedures, see Certification Campaigns in End User Documentation
