Certification - process

Last modified 28 Nov 2023 18:22 +01:00

Certification process should contain following steps:

  1. Campaign definition

  2. Certification

  3. Remediation

  4. Summary

TODO - we need also define what should be in certification template

1. The process

The certification campaign can be specified, started and even analyzed by "advanced" business user. It means, that security officer should be able to start new certification or certification campaign.

The campaigns should be started from previously prepared certification templates. These templates (our certification definitions) should be prepared by engineers.

1.1. Campaign Definition

User interface should be understandable for an advanced business user (simplify the terminology). The user just selects from a predefined template and then determines which individuals need certification, what to be certified and other parameters.

Definition of certification campaign should consist of following steps:

Select objects for certification (who/what will be certified)
  • object type, list of objects.

  • This step can also be omitted (if dealing with all individuals with a specific assignment).

Specify what needs certification
  • Assignments (select desired ones).

  • Attributes (and their selection)

    • even extended attributes can be selected here (should be defined in template)

  • Content of the role (inducements within business role)

  • Specific assignment - role owner/approver

The certification may be complex: E.g. certification of business roles - may require certification of all inducements and attribute "description" and approver as well .

Who will perform certification

Select who will perform the certification tasks.

E.g. it may be the manager of the individual or owner of the role that is being certified.

Possible decisions (types of decisions allowed)

Here a set of buttons should be defined. Additional . * "Extend validity." - button for extending validity of an assignment * "Limit validity" - if the assignment is unlimited, the user can limit the validity. * Allow "I don’t know" response. (our button Not decided)

  • If attributes are being certified, it may happen, that he wants to provide possible new values for specific attribute

Certification aggressiveness

This option can tell what to do with unanswered certification items.

  • Normal - standard operation. Unanswered questions are untouched

  • Agressive - the unanswered certified assignments are removed

Certification validity period
  • deadline till which the certification campaign finishes.

  • Until closed by the author.

Remediation method
  • Automatic - what midPoint can remove will be removed

  • Report - midpoint prepares remediation report

    • what should be in the report ? Revoke or also undecided ?

  • Hybrid (?) - what is decided will be revoked automatically, other will be reported in the remediation report

1.2. Certification

The user interface should be easy to use. TODO - how should user interface look like ?

The interface should be different for certification campaign and microcertification.

We are displaying direct assignments only. Each manager will have quite a lot of direct assignments to answer. It would make the overview too complex if he has indirect assignments as well.

We will need to display assignments assigned by policy, but we need to explain that this is by some policy. These assignments (although they can’t be removed) must be shown as it should be confusing for users if missing.

User interface should be easy to use also for certification of user validity (e.g. whether the user still works) and some his attributes.

1.3. Remediation

Automatic/manual / hybrid

TODO - must be discussed

1.4. Summary

Now the cerification campaign is done. One page nas show some statistics of the campaign.

?dashboard ? or what else ? Some dashboard displaying basic information - what it was about.

  • Basic report from the certification campaign (basic).

    • CSV/Excel - with all responses, for further processing. (users can process it manually - flexibility)
      For more sophisticated environments, an engineer can modify it.

  • Remediation report

Was this page helpful?
Thanks for your feedback