Submitting a certification campaign

Once you have determined what to certify and by whom, select the Submit tab to review changes and define notification details. The details vary for:

Submitting entitlement reviews

On the Start certification campaign page for an entitlement review:

Click the Submit tab on the configuration page for a new or saved campaign.
In the Notification details section:
1. Type the Certification campaign description to be displayed to reviewers.
2. Review the Segment description, if applicable (for certification by entitlement reviewers).
3. Review the Email.
  If you want to edit the notification details for this campaign, select the ”Other” radio button and type the message. Hover your cursor over the question mark to see variables you can include. The values will be inserted in the actual notification message.
4. Type Instructions for reviewers, if needed.
  The instruction pop-up will be displayed when the reviewer first opens the certification app. Thereafter the reviewer can click on the help icon to view the instructions.
5. Select or deselect the Disable review of own entitlements checkbox to determine whether reviewers can certify or revoke their own entitlements. If enabled, the certify and revoke actions are blocked for their own entitlements. The reviewer can delegate review of these items to another user.
  If a reviewer delegates an item to the owner of the item it will be blocked unless the delegation allows further delegations.
  The message that is displayed when a delegation is performed to the owner of the item and further delegation is not allowed and self review is disabled is:
  With Self review disabled - cannot delegate an item to the owner [Full name of delegate] of that item unless further delegation is permitted.
  A reviewer may perform a partial sign off after delegating their items to another reviewer and completing the rest of the items in their segment.
6. Select or deselect the Sign-off password required checkbox to determine whether reviewers must enter their password to sign off on a campaign.
  The default setting is determined by the CERT PROMPT PASSWORD system variable.
7. If you selected Entitlement authorizers in the Reviewers tab, select the Late binding authorizers checkbox if you want authorizers to be updated when a saved or scheduled campaign is started. This means, for example, if a group's owner has changed since the campaign was set up, the new owner will be uses as authorizer. This option is disabled by default.
8. Select or deselect the Comments required checkbox to determine whether reviewers must enter comments for all items before sign off on a campaign.
  If this option is selected then the reviewer must add a comment to any item that was certified or revoked. If the item was previously certified and is still within the CERT VALIDITY INTERVAL then no comment is required.
  This option is intended to be used to provide control at the campaign level whether comments should be enforced. If comments are always mandatory then the system variables CERT REQUIRES COMMENT TO CERTIFY and CERT REQUIRES COMMENT TO REVOKE should be used.
  The option will only override the settings of the system variables if it is checked. It will not act to disable the need for comments if the system variables are Enabled.
9. Review Certification validity interval.
  The value is automatically set by the CERT VALIDITY INTERVAL system variable, which by default is set to 30 days.
  It allows the certification initiator to specify the number of days until the certification expires.
  The value cannot be negative, but it can be 0 which means that the certification is no longer valid directly after sign-off.
Review the Resources to be certified.
You can go back and make changes if necessary; changes made on this page are saved.
If managed groups are being certified, you can select which type of members to review:
- Accounts to only review accounts with group membership.
- Child groups to only review child groups.
- Accounts and child groups to review both.
Child groups can only be certified by single reviewers or entitlement authorizers. If any other certification method is selected, only accounts can be certified and this option will not be available.
Review the User summary section, including the:
- Selection method for users to be reviewed
- Review method
If the review method is Certification by entitlement authorizers, there is an option to Consolidate reviews for same reviewer. It is selected by default, so that all segments that have the same reviewer will be combined into one segment.
Click:
- Save to save the configuration before starting or scheduling a campaign.
  Continue to Saving a certification setup .
- Schedule to schedule a previously saved configuration.
- Launch campaign to start a campaign without saving.
  1. If you selected OrgChart reviewers, schedule OrgChart manager notification emails .
  2. Click Start new campaign.

Submitting configuration reviews

On the Start certification campaign page for a configuration review:

Click the Submit tab on the configuration page for a new or saved campaign.
In the Notification details section:
1. Type the Certification campaign description to be displayed to reviewers.
2. Review the Segment description, if applicable (for certification by configuration reviewers).
3. Review the Email.
  If you want to edit the notification details for this campaign, select the ”Other” radio button and type the message. Hover your cursor over the question mark to see variables you can include. The values will be inserted in the actual notification message.
Review the Configurations section, including the:
- Configurations to be reviewed
- Review method
If the review method is Certification by configuration authorizers, there is an option to Consolidate reviews for same reviewer. It is selected by default, so that all segments that have the same reviewer will be combined into one segment.
Click:
- Save to save the configuration before starting or scheduling a campaign.
  Continue to Saving a certification setup .
- Schedule to schedule a previously saved configuration.
- Launch campaign to start a campaign without saving.
  Click Start new campaign.

Save a certification setup

You can save a certification setup once you have reviewed changes and defined notification details . On the Save certification setup page:

If the current setup is based on a previously saved certification setup that you don’t want to overwrite, click Save new...
Type an ID and Description for the setup.
Make the setup Shareable if you want to allow other users to use it.
- A shared certification setup can be used by other users but it can not be overwritten.
- Only the creator of a shared certification setup can delete it.
- Users with the "Initiate entitlement certification campaigns" privilege can use a shared certification setup only if the certification method is single reviewer.
- A setup cannot be shared if it uses a saved search.
Click:
- Save to take no further action at the moment.
- Save and schedule campaign to schedule campaigns to start later.
- Save and launch campaign to start a campaign immediately.
  1. If you selected OrgChart reviewers for an entitlement campaign, schedule OrgChart manager notification emails .
  2. Click Start new campaign.

Configuring OrgChart manager notification campaigns

If you chose OrgChart managers, configure the Number of days to wait between sending out invitation emails to each level of the OrgChart before starting a campaign.

Bravura Security Fabric uses notification campaigns to stagger the emails it sends to managers based on their level in the OrgChart . The default interval is determined by the CERT EMAIL INTERVAL.

Click to see the notification schedule.
Select a date in at least one date field. To select a date click on the date field and type a date or choose a date with the calendar.
If you have left fields blank, click Calculate to automatically populate other date fields based on the Number of days to wait between sending out invitation emails to each level of the OrgChart.
In the notification list, the level 0 represents the top level manager for the campaign , not necessarily the CEO or top-level manager in your organization.

Schedule a certification campaign

You can schedule certification campaigns once you have reviewed and saved the configuration. To schedule certification campaigns, on the Schedule certification campaign page:

Configure settings as listed in Table 1, “Scheduled certification campaign settings”.
If JavaScript is enabled, options are shown or hidden depending on the Repeat type.
Click Schedule.

In a multi-server environment, a certification campaign can only be scheduled on one server.

Table 1. Scheduled certification campaign settings

Option	Description
Job ID	Update the ID for this scheduled certification, if necessary.
Email address to send scheduled certification warnings to	Type an email address to receive notifications of problems with scheduled certifications. If not specified the RECIPIENT EMAIL address is used.
Enabled	Use this to turn on the scheduled certification.
Repeat type	Select the frequency of the scheduled job using the drop-down list. Depending on the repeat type, set scheduling options: Run once – you must select a Date and time to run this job. Daily – you must select which Days to run this job by selecting either Every day or Only on weekdays. Weekly – you must Choose the days of the week to perform this task. Monthly – you must Choose the days of the month to perform this task and Choose which months to perform this task. All months are selected by default. Quarterly – The task is started every three months after the initial run. Semi-Annually – A new round is started every six months after the initial run. Annually – A new round is started every twelve months after the initial run.
Period mode	For jobs that are repeated quarterly, semi-annually, and annually, choose either: Start date - then Period start date and time Month/week/day - then select the first month, week of the month, and day of the week to perform the task. The Choose the first month to perform this task setting is based on the current calendar year. For example if you set the first month for a quarterly job to January, and the current month is February, the task will start in April.
Date and time to run / Time to run	All scheduled jobs time to run is local to the server that runs the job. Except for jobs that are run once, the default time to run is set by Manage the system > Modules > Options > DEFAULT SCHEDULED TIME.
Last day of the month	For monthly to annual schedules, use this setting to avoid missed run times. For example, if you schedule a job quarterly, with a start date of August 31, the next run time after August 31 would be November 31, which does not exist. With this setting enabled, the next round would start on the last day of the month, November 30.
Job time range	Specify if you want your job to always run, to run for a specific length of time, or for a specific number of iterations by selecting one of the following from the drop-down list: Always run – Scheduled job always runs as specified. From specified start date to end date – Click the date/time fields to select a date and hour for the Start date and End date . To edit the minutes enter a time in the HH:MM format. For number of iterations from specified start date – Click the date/time field to choose select a date and hour for the Start date. To edit the minutes enter a time in the HH:MM format. Specify a Number of iterations to run. Your job will only run for the number of iterations you enter here.

In this section: