26.2 Performing a Review

This section provides the steps required for you to complete Reviewer tasks associated with a review run. Usually, Identity Governance sends an email notification when you have tasks in a review run.

For more information about the Reviewer’s authorization and the review process, see Section 26.1, Understanding Reviews.

  1. In Identity Governance, select Reviews.

  2. (Optional) Click the gear icon to view additional column options and customize column display. For example, you can drag Started by to the list of selected columns to view whether a review was started on demand, on schedule, or by micro certification remediation.

  3. Select the review run on which you want to act.

  4. (Optional) Adjust display options to help you manage your review items:

    1. (Optional) Select Include submitted items to see all review items on the list.

    2. Click Show all to see a list of grouping options. The grouping options are especially helpful when you have a long list of review items.

    3. (Optional) Select a grouping option to sort review items by groups and to easily take action on all or selected review items within a group.

    4. (Optional) Enter a search string such as user name, specific review item, or decision to filter review items, and to easily take action on all or selected review items within the filtered list.

    5. Click the gear icon to change the display options by adding, removing, or rearranging columns.

  5. For each review item, click the review item link to get help with making your decision, and then select an action. You can also select multiple review items across pages and use Actions to select an action.

    NOTE:The review type and definition determines which of the following actions are allowed for a review instance.

    • (Conditional) Keep to specify that you believe that the user should have the permission, account, or role

    • (Conditional) Assign, if there are unmapped accounts, to map the account

    • (Conditional) Modify, if the review definition allows this option, to change attribute value or to provide modification instructions such as account needs an account custodian.

    • (Conditional) Keep assignment to specify that the user should have the previously assigned supervisor when reviewing direct reports

    • (Conditional) Change supervisor to specify that the user should have a different supervisor when reviewing direct reports

    • (Conditional) Remove assignment to remove the supervisor when reviewing direct reports

    • (Conditional) Remove to specify that you believe that the user should not have the permission, account, or role

    • (Conditional) Review user profile to review user attribute values and either modify values and Save changes or confirm No profile changes

      NOTE:You cannot modify attributes values in bulk.

    • (Conditional) Review business role definition to review memberships, authorizations, or attribute values and Save changes or confirm No changes

    • View Activity to decide what actions to take or what actions have been taken

    • Change Reviewer to pass the decision to another reviewer

      NOTE:If you select User B, who has a delegate User C who has a delegate User B, as the new reviewer, Identity Governance will issue a warning and disable the Change Reviewer option to prevent cyclical delegation.

    • Download all review items as CSV to download all or a selective set of review items as a CSV file for manual review. You can selectively download review items by selecting a grouping option or searching for values for columns included in the Review Settings > Review Display Customization menu. For example, if you want to review only items for one application, you can select Group by application. If you want to include items whose decision you had previously submitted, you can select the filter icon and include submitted items.

      NOTE:The download list items count will not match the actual number of review items in an Account Review that includes permissions. The count reflects the number of accounts that match the search criteria, however, all the permissions under each account will also be included in the download resulting in more items than the number displayed on the review page.

  6. Review the changes to ensure accuracy.

  7. Select Submit to confirm your actions on the review items.

    This action locks your decisions and moves the items out of your queue. Identity Governance then moves the items to the next reviewer’s queue if this is a multistage review and you are not the last reviewer. If you are the last reviewer, Identity Governance notifies the Review Owner that the review is ready for certification.

    If one of your review items is in the Multiple Reviewers queues, your decision gets locked in when you Submit the decision. If you have not yet submitted a decision and another reviewer makes a decision and submits before you, it is the other reviewer's decision that gets locked. You can select Include submitted items if not previously selected and see the decision in the View Activity option.