Create a user recertification policy

As an administrator, we can create a user recertification policy to recertify the accounts, group membership of accounts, and memberships of users.

  1. From the navigation tree, select Manage Policies > Manage Recertification Policies.

  2. On the Recertification Policies page, in the Recertification Policies table, click Create.

  3. On the Manage Recertification Policies page, on the General page:

    1. Enter a name for the recertification policy.

    2. Optional: Type a description for the recertification policy.

    3. Select the status of the policy, enabled or disabled.

    4. Select the business unit to which the policy applies.

    5. Select the scope of the business unit that we selected.

    6. Click Next.

  4. On the Target Type page, select Users, and then click Next.

  5. On the User Target page, select the user type, and then click Next.

  6. On the Resource Target page:

    1. Select which roles we want the policy to recertify membership on.

    2. Select which accounts we want the policy to recertify.

    3. Select which groups we want the policy to recertify.

    4. Click Next.

  7. Optional: If we selected Specified roles on the Resource Target page, on the Role Target page, select one or more roles for which to recertify membership.

  8. Optional: If we selected Accounts on specified services on the Resource Target page, on the Account Target page, select one or more services for which accounts on the service are recertified.

  9. Optional: If we selected Specified groups on the Resource Target page, on the Group Target page, select one or more groups we want the policy to recertify.

  10. On the Schedule page, select the schedule type and evaluation frequency, and then click Next.

  11. On the Policy page, select the configuration mode, and then click Next. For the advanced mode, use the workflow designer to configure the policy. On the Policy page, we can also specify the following options:
    • Who approves recertification.
    • An action, such as Suspend accounts and mark others, that occurs when the recertification is rejected.
    • An optional recipient who receives the rejection email (which can be configured to None) such as a manager, who is notified when recertification is declined.
    • A value for the number of days in which the participant must respond to the request until the recertification is due.
    • An action, such as Reject All or Approve All, that occurs when the recertification is overdue. If we do not select an action, the recertification activity remains in the activity list of the participant after the due date until it is completed.

  12. On the Recertification E-mail page, select an email template, and then click Next.

  13. On the Rejection E-mail page, select a rejection email template, and then click Finish.

  14. On the Success page, click Close.

Parent topic: Recertification policies