Recertification message templates and schedule
A recertification policy defines the content of an email notification to participants and the interval that triggers a request for recertification. The email notification alerts you to recertify a need for a specified membership or access to a resource. The action to be taken when the user does not complete the request by the due date is specified using the Timeout Action setting, which is set to Approve by default. If the recertification is approved or rejected, you can provide optional text for justifying the rejection. The text entered in the to-do list is audited, and can be seen in the Recertification Change History report or the User Recertification History report, depending on the type of policy.
We can create customized message templates for the recertification email and the rejection email.
The recertification email goes to the person who is responsible for recertification and approves recertification. We can modify the email template to provide recertification notices to participants. The recertification email table contains the list of templates that can be used for notification of rejected recertification. The table, which can be sorted, contains Select, Name (such as Delete Access or Remove Account), and Subject columns.
The Rejection email template can be customized to provide rejection notices to participants. The Rejection email table contains the list of templates that can be used for notification of rejected recertification. The table, which can be sorted, contains Select, Name (such as Delete Access or Remove Account), and Subject columns. We can also create our own template. The default templates cannot be modified, but they can be copied to use as the starting point for a new template.
Scheduling options
We can configure a schedule to specify the frequency at which recertification occurs. We can use the following scheduling options when creating a recertification policy:
- Calendar option
- Rolling option
Calendar optio.
Use the calendar option to set the schedule for the policy evaluation period. Recertification for all users, accounts and accesses that are targeted by the given policy then occur at the same time. If the setting is monthly on the first day of the month, and the policy targets a service, the recertification policy workflow is triggered on all accounts on that service at the first of every month.
We can use the following types of options.
- Daily
- Recertifies targets every day.
- Hourly
- Specify the minute of the hour.
- Weekly
- Specify the day of the week.
- Monthly
- Specify the day of the month (1-28).
- Quarterly
- Specify the day of the quarter (1-90).
- Annually
- Specify the month and day (for example, Jan 28).
- Semi-annually
- Specify the day (1-180).
- During a specific month
- Specify the month and day of week or daily and set at a specific time, for example, 12:00 AM.
After specifying the policy evaluation period, you must set the time at which the recertification policy workflow is to be run (for example, 12:00 AM).
Rolling optio.
We can set the rolling option to ensure that only those targets that have not been recertified within a specified interval are subject to recertification when the policy is evaluated. For example, if an account policy is scheduled for weekly evaluation with a rolling interval of 90 days, only the accounts that were recertified more than 90 days prior are subject to recertification each week. The rolling option is not available for access recertification.
A rolling schedule and calendar schedule are identical in terms of how often the recertification policy is evaluated. The difference is that a calendar schedule always triggers recertification for the target resources when the policy evaluates. A rolling schedule, however, triggers recertification only for the target resources that have not been recertified within the specified interval when the policy evaluates.
Parent topic: Recertification policies