Best practices for continuous certification

Do you have Active Directory accounts that haven’t been used in more than a year? Do the accounts reflect the individual’s current roles and responsibilities? Is your company ready to demonstrate compliance with industry regulations? With technology moving faster than company processes, an effective IAM program needs to include detective controls to ensure that subsequent access changes remain aligned with the users’ job functions and responsibilities. This can be accomplished using the Attestation or Certification feature included in most Identity Management solutions. For this post we will use the term certification, but it is worth mentioning that some tools use the term attestation instead.

A certification process notifies business stakeholders with a report that describes the entitlements provisioned to certain users. Based on this report, they certify the accuracy of the entitlements by approving or denying each one. A certification process can be applied to accounts, roles or profiles, entitlements, privileged access, and many other object types. A certification can be time-based (run once a year, every quarter, etc.) or event-based (new user, job change, etc.). The important fact is that once this is implemented, your company needs a continuous certification process.

Over the years of implementing recertification for many customers, we have noticed that the following are the typical certification execution steps (Figure 1):

    1. Schedule a review – by year, half-year, quarter
    2. Notify someone – by manager or application owner
    3. Remind someone or escalate to someone – by manager or application owner
    4. Approve/deny/delegate – by manager or application owner
    5. Add or remove user entitlements (account, application, groups, permissions, etc.)

Figure 1 - Process for typical certification
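The five steps above, modelled as a small certification campaign. This is an added example, not code from the original post or from any identity management product; the account data, reviewer names and deadlines are constructed for illustration. It also applies the post's opening question (accounts unused for more than a year) as a detective control feeding the remediation step.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample data (not from any real directory): manager, last login, entitlements.
ENTITLEMENTS = {
    "alice": {"manager": "carol", "last_login": date(2024, 5, 20),
              "access": {"SAP_FI_Approver", "AD_Domain_Admins"}},
    "bob":   {"manager": "carol", "last_login": date(2023, 1, 5),
              "access": {"CRM_ReadOnly"}},
}

@dataclass
class ReviewItem:
    user: str
    entitlement: str
    reviewer: str
    due: date
    decision: str = "pending"   # becomes "approve" or "deny"

def open_campaign(entitlements, today, review_days=14):
    """Steps 1-2: one review item per (user, entitlement), assigned to the manager."""
    return [ReviewItem(u, e, rec["manager"], today + timedelta(days=review_days))
            for u, rec in entitlements.items() for e in sorted(rec["access"])]

def decide(item, reviewer, decision):
    """Step 4: 'approve', 'deny' or 'delegate:<name>'; only the assigned reviewer may act."""
    if reviewer != item.reviewer:
        raise PermissionError(f"{reviewer} may not decide {item.user}/{item.entitlement}")
    if decision.startswith("delegate:"):
        item.reviewer = decision.split(":", 1)[1]
    elif decision in ("approve", "deny"):
        item.decision = decision
    else:
        raise ValueError(f"unknown decision {decision!r}")

def escalate_overdue(items, today, escalation_reviewer, grace_days=7):
    """Step 3: reassign pending items past their due date and extend the deadline."""
    overdue = [i for i in items if i.decision == "pending" and today > i.due]
    for item in overdue:
        item.reviewer, item.due = escalation_reviewer, today + timedelta(days=grace_days)
    return overdue

def remediation_plan(items, entitlements, today, dormant_days=365):
    """Step 5: denied entitlements, plus everything on accounts unused for > dormant_days."""
    removals = {(i.user, i.entitlement) for i in items if i.decision == "deny"}
    for user, rec in entitlements.items():
        if (today - rec["last_login"]).days > dormant_days:
            removals |= {(user, e) for e in rec["access"]}
    return sorted(removals)
```

Items that nobody decides stay pending after escalation, so the plan only removes what was explicitly denied or sits on a dormant account; anything still pending should block campaign close-out rather than be silently approved.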

No matter which certification type you are integrating into your identity system, remember that users may accumulate entitlements that are no longer appropriate for their job function. The goal of a continuous certification process is to detect and promptly respond to access discrepancies, and to enable your organization to demonstrate compliance with industry regulations. Dell One Identity Manager is just one of the products that integrates the certification process natively and is ready to run with a set of predefined certification policies and approval workflows.

Do you have IAM questions or problems? Not enough time or resources to create a solution? We’d love to hear from you and start on your custom IAM solution today. There are several different ways to get in touch with us, so pick your favorite and let’s start solving problems today.