Modules - Recertification [rec]

The role recertification module re-approves roles that are already assigned to users.

When a user has had many roles assigned for a long time, we want to check these assigned roles periodically (in a half-year interval, for security reasons) to see whether any assigned role should already have been removed. Only currently valid, manually and directly assigned roles are checked, because only manual roles can be assigned and stay assigned after the user changes in some way (e.g. the user's contract is excluded or the work position was changed).

CzechIdM version >= 9.7.0 is required.

Terminology

Recertification types

The recertification type defines who can approve a role recertification request and what the request contains:

  1. Approve by user contract manager (CONTRACT) - a recertification request is created for each user contract included in the recertification action. Managers defined by the user contract can approve this request.
  2. Approve by role guarantee (ROLE) - a recertification request is created for each role included in the recertification action. Role guarantees defined by user or by role can approve this request.

When no approver is found for a given request, the recertification is blocked after creation. Approvers have to be configured properly for the recertification type, and then the recertification action can be executed again.

Future improvements

- #1760: Move tab from identity detail to roles tab.
- #1759: Run recertification action again.

Read More

Admin guide

Admin tutorial

Devel guide