Skip to main content

Recertification policies

Description

Soffid allows you to define some policies to define the scope of the recertification process.

Screen overview

  • Name: name to identify the policy
  • Type: list of available recertification types.
    • User entitlements: the recertification process will be conducted to review user access rights.
    • Role definitions: the recertification process will be conducted to review the relationship between roles.
    • Share account entitlements: the recertification process will be conducted to review access rights to shared accounts.
  • Filter: this allows you to define a script to identify the grant list to which to apply the recertification process. The grant object (*1) is always available.
  • Step 1 expression: this allows you to identifydefine a script to determine who theis permissions owners are. Thoseor are in charge to approve or deny &&TODO&&the recertification process in the first level.
  • Step 2 expression: this allows you to identifydefine a script to determine who theis permissions owners are. Thoseor are in charge to approve or deny the recertification process after the first level approveof approval.
  • Step 3 expression: this allows you to identifydefine a script to determine who theis permissions owners are. Thoseor are in charge to approve or deny the recertification process after the second level approveof approval.
  • Step 4 expression: this allows you to identifydefine a script to determine who theis permissions owners are. Thoseor are in charge to approve or deny the recertification process after the third level approveof approval.
  • Mail Template: this allows you to define a template to send an email to the people in charge to approve or deny.

(*1) grant object is a com.soffid.iam.api.RoleAccount object.


Custom attributes

 

Examples

Actions

Add new

Allows you to add a new attribute definition in the system. You can choose that option on the hamburger menu or click the add button (+).

To add a new it is necessary to fill in the required fields.
Delete

Allows you to remove one or more Attribute definitions by selecting one or more records and next clicking the button with the subtraction symbol (-).

To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.
Import

Allows you to upload a CSV file with the attribute definition to add or update the attribute definition to Soffid.

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and click the Import button.

Download CSV file

Allows you to download a CSV file with the basic information of all attribute definitions. 


Back to top