User Access Review

Ensure ongoing compliance and security by regularly assessing and validating user access rights, permissions, and roles with Identity Governance User Access Reviews. Schedule reviews on a timely basis to ensure you are ahead of audits.

Access Review.png

Access Review

IAM (Identity and Access Management) user access reviews are an important part of ensuring that your organization’s security measures are up to date and effective.

These reviews help identify any potential security vulnerabilities or areas of non-compliance, enabling you to make necessary changes before they become a risk.

By identifying any potential issues and vulnerabilities in your system, you can take the necessary steps to address them and ensure that your organization remains secure.

Access Certification

IDHub user access reviews are called Access Certifications, and can be created and managed by IDHub System Administrators, who can define the parameters for each Certification.

System admins can perform the following actions while using the Certification tool:

  • Create new access certifications
  • Modify existing certifications
  • Run IAM certifications in real-time
  • Schedule certifications to run on a later date and time
  • Create certification campaigns that run continuously on a scheduler
  • Archive certifications that are no longer in use
  • Assign user access certification tasks to appropriate users, job titles, or managers

User Access Reviews vs Resource Access Reviews

IDHub user access certifications can be created to audit a user, or a group of users, as well as a resource, or a group of resources.

In the images below, you can see the two types of Certification Tasks

  • Certifying all user access to the resource Xero
  • Certifying the user Steve Clark's access

IAM Certification Custom Queries

IDHub makes it easy to fine-tune specific data sets when configuring Certifications.

The advanced filtering allows admins to choose what and who to certify, by targeting user attributes or custom queries.

Admins can quickly set-up granular data sets to audit specific users of an application or permission.

certification query

Automate User Access Reviews

IDHub Access Certifications can be configured to auto trigger an audit, based on certain predetermined events. 

Out of the box Certification triggers include:

cert trigger settings.png
  • User department changes
  • User status changes (active to disabled or LOA)
  • User job title change
  • User location change

Like most features of IDHub, identity access management certification triggers can be configured to do exactly what you need, as they are based off IDHub Workflows and Automations.

IDHub allows for custom no-code workflows, using all events, triggers, attributes, and processes, as parameters for your access review needs.

Access Review Process

Below we explain the Access Review Process in IDHub.

When a new Access Certification is created by an admin, a certifier is selected during configuration. The certifier is the user that will receive the task to review access.

IDHub is flexible, allowing admins to choose exactly who they want to perform the access review.

  • A Named User
  • A Role or Job Title
  • The Beneficiary's Manager
  • The Resource Owner


Access Review Tasks

Each access review task will indicate exactly what the certifier needs to review.

In this example, we can see the certifier received 3 tasks:

  • Certify Access to Docusign
  • Certify Access to Docusign Admins
  • Certify Access to Docusign Standard Users

certification tasks

Certify and Revoke Access

Within the task, certifiers can perform the following actions:

  • Certify Access
  • Revoke Access
  • Escalate the task if they are unsure on how to proceed

In this example, the certifier will revoke Liz's access to Docusign Admin permissions, or we call entitlements.

Access Reviews

Compliance Audit

Compliance audits and requirements can be stringent, and maintaining the precise schedule for them can be tricky.

Some security policies require access reviews to be completed on an annual, quarterly, monthly, or even weekly basis.

IDHub access certifications can be configured to automatically initiate on a predetermined schedule. If the schedule changes, admins can easily modify the certification scheduler with a few simple clicks.

certification scheduler

Approval Workflow

Access certification approval workflows determine what happens before and after the certifier completes the task.

IAM approval workflows can accommodate any process needed for access reviews. For instance, sending notifications to the appropriate users, generating additional tasks to specific users, or any flow, at any time in the review process.

A few examples:

  • Before any tasks to review access are sent to certifiers, a safe-guard task is initiated and sent to the user in charge of deciding if the audit can take place.
  • If the user has been certified, they keep their access and nothing changes.
  • If a revocation is initiated, IDHub immediately deprovisions access to that resource, for that user.
  • A notification is sent to managers, informing them that access was certified or revoked to a user on their team.

Any flow needed for your organization can be accommodated with IDHub Workflows.

Take a peek at IDHub, Tour it yourself with no obligations.

Identity and Access Management

IAM Certification

User Access Control

Learn more about Access Control and utilize our free Access Control Policy Template, to help establish a healthy framework for your organizations access control.

Workflow Templates

Download our most common Workflow Templates, including editable versions in Visio, SVG, and PDF formats. Completely free to you.

IAM Access Reviews

Learn about Identity and Access Management Access Reviews, why they are important, and how you can ensure your employees only have the access they need.

Improve defenses and drastically cut your daily workload.