27.2 Managing a Review in Live Mode

As the owner or an administrator of an active review, you can perform any or all of the following tasks:

To manage a review in live mode:

  1. Understand the review process.

  2. Start the review run if needed and optionally change the review date and time.

    NOTE:In addition to manually starting a review, you can initiate a review by schedule or micro certification.

  3. Customize the review definition and the column display for the review items. For example, include the column Micro-Certification in progress to review details related to micro certification.

  4. Modify the duration of the review.

  5. Check the progress of each Reviewer.

  6. Approve the actions taken by the Reviewers.

  7. (Conditional) Check the status of manual fulfillment activities.

  8. (Conditional) If you have authorization to view fulfillment status in the fulfillment page, confirm the completion of all fulfillment tasks.

  9. (Conditional) If a review run generated a changeset, collect and publish all identities and the application sources related to the review run.

    You might not have the authorization in Identity Governance to collect and publish. Someone with the Global Administrator or Data Administrator authorization can perform this action.

  10. (Conditional) If you are the auditor, check the status of the review auditor.

  11. View run history.

If you assign a new owner to a review, both the previous and new owners can access the review. The previous owner continues to see instances of a review run before the ownership change. The new owner sees only the instance of a review run after the ownership change.

If you assign a new Review Owner while a review run is in progress, the review definition does not change, and the new review owner is in effect for only that review run. The next review run that starts from the same review definition assigns the review owner specified in the review definition.

For example, a review definition specifies Mary Smith as the review owner. During an instance of the review, or a review run, the global administrator realizes that Mary is on vacation. To keep the review moving, the administrator changes the review owner to Sam Butler, who approves that review run when reviewers have submitted all their final decisions. Both Mary and Sam can see the details of this review run. The next time a review run starts from this review definition, Mary is assigned as the review owner.

27.2.1 Starting a Review Run

In Identity Governance, you can see all review definitions assigned to you, including the date that the Review Administrator specified the review should be run.

To start a review run:

  1. In Identity Governance, select Reviews > Definitions.

  2. (Optional) Click the gear icon to change column display options. For example, to add the micro certification column to your display drag Micro-Certifications in progress to the list of selected columns. You can then view the number of micro certifications and view the run history of the micro certification review.

  3. In the Actions column, select Start Review on the row of the definition that you want to run.

    NOTE:For micro certification reviews, this step is not required and the Actions column is unavailable. Micro certification reviews are triggered automatically based on remediation setup and do not require manual action.

  4. (Optional) Change the end date calculated based on your review definition duration settings to a custom date and time.

  5. Click Start and Go Live.

27.2.2 Managing a Review Run

You can view the status of the review runs in progress, send reminder emails, change the assignments for reviewers and the auditor, override or approve reviewer decisions, complete or terminate the review run, and approve the completed review.

To manage a review run:

  1. In Identity Governance, select Reviews > Reviews.

  2. (Optional) Click the gear icon to customize column display. For example, you can drag Started by to the list of selected columns to view name of the person who started the review on demand, on schedule, or by micro certification process.

  3. Select the review you want to manage.

  4. To see the status of each review item, or see the count of the number of accounts reviewed when you select the option Additionally review permissions for each selected account, click the Review Items tab.

  5. (Optional) Download list of reviewers, a reviewer’s queue, or review items to a CSV file.

    1. Select the Reviewers tab and click Download reviewers to download list of all reviewers with their queue summary.

    2. Select the Reviewers tab, select the number of items in the In Queue column of a reviewer, then click Download all as CSV to download the reviewer’s queue details.

    3. Select the Review Items tab and click Download all review items as CSV to download all review items in the review. If the option Show fulfillment status on download is enabled in the Review Settings > Review Display Customization menu, you can also view the fulfillment status in the CSV file. Review items that generate multiple fulfillment requests have a line for each fulfillment-review item combination.

    4. Select the Your Review Items tab, to download all review items assigned to you for review, selectively download review items by selecting a grouping option or searching for values for columns included in Review Settings > Review Display Customization menu. For example, if you want to review only items in exception queue, you can select Group by exceptions. If you want to include items whose decision you had previously submitted, you can select the filter icon and include submitted items.


    • Type a meaningful description for your file, and save the file to the central download area of the application. Click the download icon on the application title bar and then download the file. For more information about downloading options and examples, seeSection 25.1.14, Downloading Reviewers and Review Item Lists.

    • When review items for entities such as users, permissions, accounts, or technical roles are deleted, Identity Governance marks the deleted entities with a strike-through line across the text. One of the places where you can view these deleted entities is under the Review Items tab.

  6. Act on review items either individually or by using the bulk selection options. Actions you can take depend on settings in the review definition and might include:

    • View activity to see review item details.

    • Override a Reviewer’s decision when you agree or disagree with the decision or make a decision final and remove it from all reviewer queues. If the review definition states that the override action requires a comment, then you must enter a comment to complete the action.

    • Change reviewer to transfer the review item to another reviewer.

    • Approve to move the decision to fulfillment while allowing the review to continue. Note that for Technical Role Definition review, fulfillment request resulting from attribute change or permission revocation are fulfilled automatically on approval.

    • View fulfillment status to view the status of review requests such as removing a permission, or assigning a new user.

  7. To complete the review in its current state, accepting all final decisions and marking items without final decisions as No decision or as other decision specified in the review definition’s expiration policy, select Complete in the review completion overview at the top of the review.

  8. To move all final decisions to fulfillment while allowing the review to continue, select Approve in the review completion overview at the top of the review.

  9. To cancel the review, select Terminate in the review completion overview at the top of the review.

27.2.3 Modifying the Settings of a Review Run

As the Review Owner, you can edit the review time frame and escalation timeout; change the Escalation Reviewer, the assigned Auditor, and the Review Owner; and add multiple Review Owners. Depending on your authorization assignment, you might also be able to modify the full review definition. Any changes you make to the review definition when a review is in progress will apply only to subsequent review instances. However, this section explains how to perform simple modifications to an active review run.

To modify the settings of a review run:

  1. In Identity Governance, select Reviews > Reviews.

  2. Select the active review run that you want to modify.

  3. To determine whether the number of review tasks can be performed in the specified time frame, complete the following steps:

    1. Under the review name, select more, and then select the edit icon.

    2. Observe the number of review items to be completed.

    3. Compare the estimated number of review items with the date in Review end.

    4. Change the end date for the review to ensure any new review items added to the catalog, since the time the review definition is created is considered in the review run.

  4. Change the review owner if your authorization in the organization changes, or add review owners to make sure suitable individuals are assigned for the task.

  5. Modify the appropriate settings, then select Save.

27.2.4 Managing the Progress of Reviewers

To ensure that the review run stays on schedule, you can view the progress of each Reviewer. You can also reassign tasks to a different Reviewer if the assigned Reviewer is sick or on vacation, or there are reviewers who can complete the tasks faster. You can override a Reviewer’s action for a review item.

If the reviewer is listed as Multiple Reviewers, then more than one reviewer shares the responsibility for making a decision on the review item. You can see the members of the shared queue and send reminder emails to all of the members or delegates, if a mapping exists. When a reviewer of a review item in a Multiple Reviewers queue is changed, the item is no longer under shared responsibility.

Reviewers can change the reviewer for any items unless otherwise specified in the review definition.

To manage the progress of reviewers:

  1. In Identity Governance, select Reviews > Reviews.

  2. Select the active review run that you want to manage.

  3. Under Reviewers, select the name of the Reviewer that you want to manage.

  4. Observe the actions taken by the Reviewer.

    You can view the items that have not been completed or all review items. You can send reminder emails, using the Nudge option, for items not yet reviewed. You can also change sorting of the items based on the selectable column headers.

  5. (Optional) Click Nudge to compose and send a reminder email to the Reviewer or select multiple reviewers and click Actions > Nudge.

  6. (Optional) To assign a review item to a different Reviewer, select Change Reviewer or select multiple reviewers and click Actions > Change Reviewer. If the review definition states that the change reviewer action requires a comment, then you must enter a comment to complete the action.

  7. (Optional) To review a Reviewer’s decision, select View Activity for the task.

27.2.5 Approving and Completing the Review

Review Owners can complete, terminate, review, or partially approve the decisions at any time during a review run. If you want to modify or remove a review item, all access change requests are sent to fulfillment, which is the step where approved changes are implemented. Review Owners can view fulfillment status for review items that generate a change request. The approval process allows the Review Owner to confirm the actions taken by all Reviewers. After approval, a review can be optionally routed to a Review Auditor for legal acceptance.

To approve and complete the review:

  1. In Identity Governance, select Reviews > Reviews.

  2. Select the active review that you want to manage.

  3. Observe the actions taken by the Reviewers.

  4. (Optional) Override actions as needed.

  5. To approve the decisions made in the review run, select Approve next to a review item or select multiple review items and select Actions > Approve.

  6. (Optional) Add a comment.

  7. (Conditional) If the review run included changes to user accounts, ensure that the affected data sources are collected and published.

    After the administrator collects and publishes the data sources, Identity Governance updates the status of the fulfillment items.

27.2.6 Viewing Run History

Identity Governance tracks all the reviews and maintains a history of review runs associated with a review definition. The run history is searchable and sortable, and displays:

  • Start and end date of a review run

  • Status including certification percentage

  • Review owner

  • Name of the person who started the review on demand, on schedule, or by micro certification

  • List of review items and associated actions including change reviewer and modify actions, and remove comments if any

  • Fulfillment status of each review item for review runs once they are partially or fully approved, and then continues to be updated until the completion of the fulfillment process

To view the run history:

  1. Select Reviews > Definitions.

  2. Search for the review definition and click the review name, or directly click the review name.

  3. Select View run history.