Access Certification Tutorial

Last modified 18 Aug 2025 13:29 +02:00
Table of Contents

This pages gives you a quick overview of how you can use access certifications in midPoint, i.e. how to add a campaign definition, create and start a campaign, and how to review it.

Add Campaign Definition

By default, there are no campaign definitions in the repository. You have to add one.

You can use the pre-defined All user assignments campaign:

  1. Download the All user assignments campaign definition.
    Alternatively, you can create your own definition, however for the purposes of this tutorial, we are going to use the All user assignments definition.

  2. Log into midPoint as administrator.

  3. In the left side menu, go to Certification > New campaign definition.

  4. Add the downloaded definition and click Save.

    left menu cert items
    Figure 1. Certification definitions table

Create and Start Campaign

Once you have added a certification definition to the system, you can create a campaign based on it:

  1. In the left side menu in midPoint, go to Certification > Campaign definitions.

  2. Click the dropdown context menu button on the far right of the All user assignments definition, and select Create campaign.

  3. Once you get a confirmation message, you will be able to access your newly created campaign in Certification > Campaigns.

    campaigns page
    Figure 2. Campaigns page

    You can see that the newly created campaign in our example is named "All user assignments 1". As there can be (and probably will be) multiple campaigns for any given campaign type, midPoint names campaigns using the following convention:
    <campaign definition> <number increment>
    The created campaign has 1 stage because it was defined that way. It is in the Created state, i.e. no action has been done yet.

  4. Click the Start campaign button.
    A special task is created to process this action and a task progress bar is displayed right on the campaign tile. Clicking on this progress element will redirect you to the task page. The link to the task page is also displayed at the top of the page within the feedback panel right after the task is created.

  5. Wait until the task finishes. At this point, the campaign has started.

Review Campaign

To check the campaign details:

  1. On the campaign tile, click Details.

    campaign details
    Figure 3. Campaign details view

    The left-side summary panel provides basic information about the campaign. You can see that the campaign is now in the review stage 1 state, and that the stage deadline is in 14 days. There are no decided items yet.

  2. Go to the list of campaigns by clicking Certification > Active campaigns.
    Active campaigns are shown as tiles.

    active campaigns
    Figure 4. Active campaigns view

  3. To view the certification items which should be reviewed, click Show items.

  4. At the Certification items page, manage the individual certification items, e.g. accept or revoke them.

    cert items
    Figure 5. Certification items view

    By default, the system has 2 available responses:

    1. Accept - The state is accepted as is.

    2. Revoke - The state is unacceptable and it should be fixed by removing the particular assignment.

    If needed, you can extend the responses with the following options (learn more about decision menu items configuration, as well as about other possible menu item actions in GUI Action Configuration):

    1. Reduce - The state is unacceptable but a simple assignment removal is not sufficient. This is useful in scenarios when you need to discuss the case to reach a solution. For example, you are considering assigning a role with fewer permissions.

    2. Not Decided - The reviewer is not able or willing to decide.

    3. No Response - The reviewer wants to undo their previous decision regarding a case.

  5. After some decisions have been made, view the responses statistics and some other data in the campaign details view by clicking Certification > Campaigns > All user assignments 1.

    campaign responses panel
    Figure 6. Campaign details view - Responses panel

  6. View the progress of the reviewers and related tasks on the Statistics panel.

    campaign statistics panel
    Figure 7. Campaign details view - Responses panel

  7. Wait until the stage closes automatically (after a defined time, in this case, 14 days), or close it manually by clicking Close stage.
    The status of the campaign changes to Review stage done.
    As there is only one defined stage, the campaign ends.

  8. Click Start remediation to remove all assignments marked as "Revoke". This creates a special task to process this action.

    remediation started
    Figure 8. Starting the remediation

  9. Wait a few moments for the remediation to end.

    closed campaign
    Figure 9. Closed campaign

  10. Optionally, you can reiterate the campaign by clicking Reiterate campaign.

Was this page helpful?
YES NO
Thanks for your feedback