What is access certification?

Access certification refers to the process of reviewing an identity's access rights and attesting to their validity. It is an important compliance requirement and security practice that ensures users have appropriate rights to network resources, curbing privilege-related attacks in an organization. With access certification, organizations can implement several security practices such as the principle of least privilege and JIT access to network resources.

Access certification in ADManager Plus

The access certification feature in ADManager Plus enables organizations to periodically review their users' access rights and secure resources from unauthorized access. Along with providing risk assessments, comprehensive compliance reports, and more, ADManager Plus can help organizations meet their IGA goals from a single platform.

How to create an access certification campaign in ADManager Plus

1. Log in to ADManager Plus and navigate to the Governance tab.

   Note: For builds earlier than 8020, navigate to Automation > Access Certification > Access Certification Campaign.

2. On the left pane, under Access Certification, click Access Certification Campaign.
3. Click + Create New Campaign and perform these steps:
• Configure campaign details.
• Select entitlements and objects.
• Select a certifier and schedule the campaign.
• Configure campaign settings.
• Review and run the campaign.

Configure campaign details

1. Enter the campaign name and description in the Campaign Name and Description fields.
2. From the Priority drop-down, select the priority level for this campaign.
3. Select the domain in which this campaign must run and click Next.

   Enter campaign name, description, priority, and domain

Select entitlements and objects

1. In the Entitlement Selection section, choose the entitlement that has to be validated by toggling its button on. For instance, if you would like to review a Microsoft 365 group's membership, click the Microsoft 365 tab and enable Microsoft 365 Group Membership.
2. Select the desired entities under the entitlements.
3. In the Object Selection section, select the users or groups that need to be reviewed. You can choose:
• All users or groups under the entitlement.
• Specific objects by selecting reports or by searching and locating them.
4. Click Next.

   Select entitlements and users to review in the campaign

Select a certifier and schedule the campaign

1. In the Certifier section, choose from the following options:
• Default Certifier: Select an existing workflow executor as the campaign certifier.
• Certifier Assigning Rule: Select a rule based on which the certifier will be assigned. To configure a rule, navigate to Access Certification > Certifier Assigning Rule.
2. In the Scheduler section, configure when this campaign must run and its frequency:
• Start Date: Specify when this campaign must start.
• Schedule to Run: Specify how frequently this campaign must run. You can choose from weekly, monthly, quarterly, and more options.
• End: Specify if you would like to run this campaign indefinitely or when you would like for it to end.
3. Click Next.

   Configure certifier and schedule for the certification campaign

Configure campaign settings

1. In the Configuration section, configure the certification settings for this campaign; mandate comments on access approval and revocation operations, prevent self-certification, and more.
2. In the Campaign Settings section, define what must happen to unreviewed entitlements when this campaign ends; configure the certification period, campaign execution actions, and more.
3. Click Next.

   Configure certification settings and campaign execution options

Review and run the campaign

Review the campaign settings, make necessary changes by navigating to the respective tabs, then click Save to execute the campaign.

Review and confirm the access certification campaign summary.

To discover more about configuring access certification campaigns in ADManager Plus, click here.

Benefits of access certification

By implementing an access certification process, organizations can reap the following benefits:

• Enhanced security

  Regularly audit access to sensitive data and minimize the risk of unauthorized access.

• Streamlined compliance with regulations

  Comply with various mandates like HIPAA and the PCI DSS, which require regular access reviews to ensure compliance.

• Minimized privilege creep

  Reduce privilege creep by regularly reviewing users' access rights and ensuring that their privileges are relevant to their job functions.

• Improved governance

  Perform periodic access reviews to allow administrators to govern users' access rights and ensure that they're aligned with organizational policies and procedures.