Account recertification

We can view the status of recertification on accounts, or override the recertification rejection status for accounts.

Account recertification is a process used to determine whether accounts are still needed. If the accounts are still needed, then more justification might be required. If the accounts are no longer needed, then certain actions need to be taken. System administrators can create recertification policies for all services, while service owners can create recertification policies for services they own.

All services other than the identity feed service are eligible for recertification. A service can be a member of only one recertification policy.

Orphaned accounts are not included for recertification targets.

We can view the latest recertification status of accounts by service instance.

The administrator or service owner can override certain recertification rejection actions by recertifying accounts on a service. Suspended accounts are not reactivated during the recertification process. The override actions are logged in the recertification log table for reporting.

• Displaying account recertification status
  We can display the recertification status for accounts that are associated with the service instance.
• Recertifying accounts on a service
  We can manually recertify accounts that are associated with the service instance. We can also override the recertification status of the account on the service.

Parent topic: Services administration