Certifications in SailPoint IdentityIQ can be classified in two ways: first on the basis of their “Time period of Execution” and second on the basis of their “functionality”.
Let's first discuss their classification on the basis of their “Time period of Execution”.
Certifications can be scheduled to run periodically or continuously. Continuous certifications focus on the frequency with which individual items need to be certified while periodic certifications focus on the frequency with which the entire certification needs to be completed.
Certifications can also be configured to run based on events that occur during an identity life-cycle. For example, IdentityIQ might be configured to automatically generate a certification when an identity's manager changes, when a job change event occurs, or when a new identity is created.
Periodic Certification:
Periodic certifications are scheduled to run on a periodic basis: hourly, daily, weekly, monthly, quarterly, or annually. These periodic access reviews provide a snapshot view of the identities, roles, and account groups. Periodic certifications focus on the frequency with which entire entities (identities, roles, account groups) must be certified.
Periodic certifications require the certifier to sign off on a completed access review, that is, one in which all of the items (roles, entitlements, violations, account groups) have been acted upon, and to confirm those decisions.
Continuous Certification:
Continuous certifications focus on the frequency with which individual items (roles, entitlements, violations) contained within identity-type certifications need to be certified, not on the frequency with which the entire certification needs to be performed. Continuous certifications do not use the sign-off method.
Let's now have a look at their classification on the basis of their “functionality”.
• Manager Certifications — certify that your direct reports have the entitlements they need to do their job and only the entitlements they need to do their job.
• Application Owner Certifications — certify that all identities accessing an application for which an Application Owner is responsible have the proper entitlements.
• Entitlement Owner Certifications — certify that all identities accessing entitlements for which an Entitlement Owner is responsible are correct.
• Advanced Certifications — certify that all identities included in the population associated with that Advanced Certification have the correct entitlements and roles.
• Account Group Certifications — certify that account groups for which an account owner is responsible have the proper permissions and group membership. Account groups that do not have owners assigned are certified by the owner of the application on which they reside.
• Role Certifications — certify that roles for which a role owner is responsible are composed of the proper roles and entitlements and that these roles are assigned to the correct identities.
• Identity Certifications — certify the entitlement information for the identities selected from the Identity Risk Score, Identity Search Results, or Policy Violation pages, usually for at-risk users.
• Event-Based Certifications — certify the entitlement information for the identities selected based on events detected within IdentityIQ.