Initiate Process

(Click to enlarge)	Description: The first step in configuring an access certification "round" is to select the entitlements that will be reviewed. This may include roles assigned to users, segregation of duties rules whose violation has been approved, login IDs attached to users profiles or user membership in security groups.

(Click to enlarge)	Description: Once entitlements have been selected, the security officer must decide what user information to display to certifiers. Typically this includes each user's name and login ID, but any other information may be added -- department, location, job function, etc.

(Click to enlarge)	Description: With the entitlements and user view configured, it is time to decide who will certify each user's entitlements. There are several options for choosing certifiers: A single certifier can review every user who has any of the selected entitlements. A few certifiers can split up the review, by dividing users into classes (e.g., by location or department). The owner of each resource/entitlement being reviewed can be invited to review a list of users who have that particular entitlement. Each user's manager may be asked to review just the users who report to them.

(Click to enlarge)	Description: With all the certification details setup, the security officer drafts an e-mail which will be sent to certifiers to invite them to perform their reviews.