26.1 Understanding the Review Process for Review Owners

As a Review Owner, you can view only the review runs that you own. You can start the review run in preview mode or go live. The preview mode enables you to preview review definitions, notifications, and review items before going live. The live review process starts with the initiation of a review run by on-demand action, schedule, or micro certification, and ends when the Review Owner or Auditor, if specified, certifies the review. Between the initiation and the certification of the review run, Reviewers and Fulfillers perform their assigned tasks.

NOTE: Micro certifications are event-driven, focused reviews that are always run in live mode. For an overview of the review process and an understanding of micro certification, see Section 21.2, Understanding the Review Process and Section 21.3, Understanding Micro Certification.

For steps in a review run, see Understanding the Steps in a Review Run.

26.1.1 Understanding the Review Definition

Each review runs according to its review definition, which specifies the following items:

  • Review type and name

  • (Optional) Review description and instructions for reviewers

  • Review items, such as user accounts, roles (technical and business), permissions, user access rights, and direct reports to be reviewed by the specified Reviewers

  • Review options, such as whether certain actions require comments, and self-review policy

  • Review stages and individuals who serve as Reviewers, such as supervisors, permission owners, and application owners

  • (Optional) Individuals who monitor reviews, such as owners and auditors

  • (Optional) Escalation process for review items

  • Review time frame that contains an expiration policy and partial approval policy

  • Notifications to be sent throughout the review

  • (Optional) A schedule for automatically starting the next review and repeating the review on a regular basis

  • (Optional) Default grouping of request items

26.1.2 Understanding Reviewers and Escalation

When you initiate a review run, Identity Governance generates tasks for the assigned Reviewers. The Reviewers are responsible for reviewing a set of users and deciding whether the current user access should be maintained or revoked, or, in some cases, modified. Identity Governance can send reminders to the Reviewer or escalate the review items to the Escalation Reviewer, if one was specified in the review definition, or to the Review Owner, who is the default Escalation Reviewer. Also, review items in the exception queue (unmapped accounts) are automatically assigned to the Escalation Reviewer if an Escalation Reviewer was specified for that review. In a multistage review, Identity Governance forwards the task to the next reviewer before it finally moves the tasks to the Escalation Reviewer or Review Owner queue.

Reviews that contain reviewers specified by a coverage map can result in an escalation if no matches could be found from the coverage map. For more information about reviewers, see Section 21.8, Specifying Reviewers. For more information about managing Reviewers, see Section 26.3.5, Managing the Progress of Reviewers. For more information about performing a review, see Section 27.2, Performing a Review.

26.1.3 Understanding the Fulfillment Process for Review Changes

The source of the identities, permissions, accounts, and roles under review drives how review-related requested changes are fulfilled. The fulfillment process can be manual tasks, automated actions in Identity Manager, actions sent to help desk services, or actions initiated by workflows in Identity Manager. Review Owners and Review Administrators can view the fulfillment status of review items as soon as a review run is partially or fully approved.

For more information about fulfillment and viewing fulfillment status, see Section 28.1, Understanding the Fulfillment Process and Section 26.3.7, Viewing Fulfillment Status.