Choosing Certifiers - Hitachi ID Access Certifier

By its nature, access certification implies that one user reviews the security rights assigned to another. To configure access certification, it is therefore important to specify the right person to review any given security entitlement.

Hitachi ID Access Certifier supports a number of strategies for selecting appropriate certifiers for each security entitlement:

  • Single Certifier: a single person is invited to perform a review for a set of privileges. This certifier will be presented with a list of users who have been assigned each of the privileges under consideration.

  • Multiple Certifiers: when a certification round impacts too many users, the population of users whose security rights must be reviewed can be broken down into segments. This is done by considering identity attributes such as location, department or division. A different certifier may be assigned to each set of users (each segment).

  • Resource Owners: resources such as connected systems and applications, security groups, roles and SoD policies normally have named owners. An access certification round can be configured to invite the owner of each of its constituent entitlements to review a list of users who possess that entitlement.

  • Managers / relationship based: in some cases, the best person to decide whether a given security entitlement is appropriate for a given user is simply the user's manager. A certification round can be configured so that managers will review the security rights assigned to their direct subordinates. This is a generic infrastructure and other types of relationships (not just manager/subordinate) can also be defined.
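The four strategies can be compared by routing the same set of entitlement assignments under each one and seeing which items end up with no valid reviewer. The sketch below is an added illustration, not Hitachi ID code or its API: the data model, the names `pick_certifier` and `route`, and the rule that a certifier never reviews their own rights (taken from the statement above that one user reviews another's rights) are assumptions.

```python
from collections import defaultdict

# Constructed sample data (hypothetical users, attributes and entitlements).
USERS = {
    "alice": {"department": "finance", "manager": "carol"},
    "bob":   {"department": "it",      "manager": "dave"},
    "carol": {"department": "finance", "manager": None},
    "dave":  {"department": "it",      "manager": "carol"},
}
OWNERS = {"grp-payroll": "carol", "app-erp": "dave"}   # entitlement -> named owner
SEGMENTS = {"finance": "carol", "it": "dave"}          # department -> certifier
ASSIGNMENTS = [("alice", "grp-payroll"), ("bob", "app-erp"), ("carol", "grp-payroll"),
               ("dave", "app-erp"), ("bob", "grp-legacy")]


def pick_certifier(strategy, user, entitlement, single=None):
    """Return the certifier a strategy selects for one (user, entitlement) pair."""
    if strategy == "single":
        return single
    if strategy == "segment":
        return SEGMENTS.get(USERS[user]["department"])
    if strategy == "owner":
        return OWNERS.get(entitlement)
    if strategy == "manager":
        return USERS[user]["manager"]
    raise ValueError(f"unknown strategy: {strategy}")


def route(assignments, strategy, single=None):
    """Build per-certifier review lists; collect items no valid certifier covers."""
    reviews, unrouted = defaultdict(list), []
    for user, entitlement in assignments:
        certifier = pick_certifier(strategy, user, entitlement, single)
        # Assumption: a review means one user checks another's rights, so a
        # missing certifier or a certifier reviewing themselves is left unrouted.
        if certifier is None or certifier == user:
            unrouted.append((user, entitlement))
        else:
            reviews[certifier].append((user, entitlement))
    return dict(reviews), unrouted
```

The `unrouted` list is the part worth checking before a round starts: it holds entitlements with no named owner, users with no manager, and any pairing where the selected certifier would be reviewing their own access.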