
Access Reviews for Entra ID App

This tutorial explains how to do Access Reviews for your Entra ID App.

Creating the certificate

The first step of doing access reviews for your Entra ID App is to create a certificate in IDHub. Click Here to learn more about how to create a certificate.

Choosing the certification type while creating the certificate

There are two types of certificates: user access and resources access. Since this tutorial shows how to audit user access to the Entra ID App, select user access as the certificate type.

Also, in the certificate creation wizard, make sure that you select the Entra ID App under the resources section.

Running the Certificate

After creating the certificate, run it. To do this:

  • Go to Certificates
  • Click on the 3 dots menu for the certificate that you want to run.
  • Click on the run menu
  • A dialog box will appear (as shown below); click on the Yes button.

Note

If the certificate has an approver, a task is generated for the certificate approver, and once the approver approves it, the certificate task is displayed.

Certificate Task

Once the certificate is run successfully, a certificate task is generated for the certifier. The certifier needs to click on Tasks (left menu) under the IDHub admin app. The certificate task is displayed on the page (as shown in the screenshot below).

Taking Action on the Certificate Task

Click on the task to view the details of the certificate task.

Certifying the Catalog items in the task

If you (the certifier) would like to certify the catalog items in the task, click on the certify button, enter a reason, and then click on the certify button. Once you finish certifying all the catalog items in the certification task, IDHub displays a dialog to complete the certificate.

Once you click on the YES button, the certification task is deemed completed.

Revoking Catalog items in the certificate task

If, as a certifier, you see that access to the Entra ID App needs to be revoked for the user, click on the 3 dots menu for that item in the certification task and click on the Revoke menu.

Click on the revoke button again (enter a reason for the revocation). As shown below, the item is revoked for the user. You can then complete the certification by clicking on the complete button below. Once this is done, IDHub revokes the account from the Entra ID App.

Ending Notes

If you have any questions or concerns, or if there are areas you wish to explore further, please feel free to reach out here. Your feedback is incredibly valuable, not only in improving these resources, but also in helping to shape future content.