Trouble with an Access Certification on a fresh system 4.2.1.10 CE

Hello,

As the title states, I am having some trouble with an Access Certification on a new install. I configured the Certification Reporting as detailed in the documentation here (RPM Install): Certification reporting. I created a user access review per this documentation: User based review.

I have three test users configured in the review and a fourth test user is their supervisor. I don’t see anything come through to the supervisor for review, I can’t see the campaign in the dashboards or reports screen, and in the logs it looks like it submits the certification but never gets a response, and I’m assuming that’s where it’s getting stuck. Any ideas what I missed? I tried searching through the logs for each service but I’m not seeing anything.

Appreciate your help!

Anybody? @ameet_shah @pradeep.bhalla?

Hi @netrunner2077

Please ensure that the user is assigned to a group or role that includes the “IS_certified” access right. This ensures the user is included in access certifications.

This is an out of the box access right.
For more information, refer to the OpenIAM documentation:

Hey @pradeep.bhalla, thanks for the reply. I’ve looked over the documentation but don’t see an answer to this. Is there a way in the web console to assign access rights to a group, or multiple groups? In the documentation it talks about creating a request, which I tried, but it doesn’t appear to be working, or the requests aren’t set up properly.

Appreciate any further help you can provide!

Hi @netrunner2077,

There are a few different ways to achieve this in OpenIAM.

One approach is through the user synchronization script, for example with the out-of-the-box AD user synchronization script. During the sync process, when users are imported from Active Directory, group assignments are handled automatically, and access rights marked as “Is Certified” are assigned accordingly.

If you prefer to assign access rights manually:

Edit a User

Go to the User’s Entitlements section.

Click the Edit button and select a relevant role or group.

Click the Edit button again and in the popup, select the Access Right, and ensure you mark it as “Is Certified.”

Hey @pradeep.bhalla,

Thanks a ton for the info! From your response I was able to figure out where I was going wrong here.

I needed to create an IsCertified access right and assign it to the managed system (for example, AD PowerShell). Once this was assigned and I ran the user import again, it assigned the IsCertified right automatically to the groups the user is assigned to.

I had also created some users manually and then added them to some groups for testing, and was able to add the right by following your instructions. Thanks a bunch! Hopefully this helps people in the future trying to figure this out!