Skip to page content
  • Home
  • Knowledge
  • Public Knowledge Base (Knowledge Base)
  • General
Knowledge Article View
KB0017930 - Latest Version - Copy Permalink
5.0 - Updated on 01-29-2024 by Steve Dunio (sjd165)
4.0 - Updated on 08-11-2022 by Steve Dunio (sjd165)
3.0 - Updated on 03-02-2022 by Megan Furchner (mvf5061)
2.0 - Updated on 03-02-2022 by Megan Furchner (mvf5061)
1.0 - Authored on 02-24-2022 by Megan Furchner (mvf5061)

IdentityIQ (IIQ): Perform an Access Review

Revised by Steve Dunio (sjd165)
• • 2529 Views • ( ) ( ) ( ) ( ) ( )

Article Intended For

Penn State faculty and staff who use IdentityIQ (IIQ) for access management.

Introduction

Managers are responsible for performing an annual access review if they oversee people with access to LionPath. SIMBA, DIMC or WorkDay. They are also responsible for reviewing access for new employees who have changed positions with the University. The following instructions will guide you through the process of performing an access review.

Step-by-Step Instructions

Log In and Open a Certification Campaign

  1. Log in to Penn State’s Global Protect Remote Access VPN if you are using a non-Penn State Wi-Fi network.
  2. Open identityiq.psu.edu and log in with your Penn State Access id (e.g., abc123).
  3. Select Access Reviews to open a list of all your active access reviews.
    The IdentityIQ home screen where users can select Access Reviews.
    Figure 1: Select Access Reviews on your IIQ home page.

    NOTE: Your access reviews screen may consist of one or more certification campaigns assigned to you to complete. Each campaign will have multiple line items requiring you to make a series of decisions allowing or revoking the access of users within one or more applications.

  4. Click the start button to view all line items of a certification campaign.
    The My Access Reviews screen shows certification campaigns that are assigned to you to complete.
    Figure 2: The My Access Reviews screen shows certification campaigns that are assigned to you to complete.

  5. All items will show on the Open tab until a decision is made and they move to the Review tab.
    A certification campaign list of open items awaiting decision,
    Figure 3: The default view of a certification campaign.

From the certification campaign window, proceed to one of the following sections depending on what you want to accomplish:

  • Display Name Grouping and Bulk Decisions
  • Reassign Users to Another Reviewer
  • Approve or Revoke Access

 

Display Name Grouping and Bulk Decisions

  1. Select Group By to open a menu of criteria you can use to group line items.
  2. Select Display Name from the criteria list to group by role.
    Opening the Group By menu allows you to group the line items on several criteria.
    Figure 4: Group by Display Name to group users by role.

  3. Select the checkbox next to a Display Name header to make bulk decisions on everyone who has the selected role. 
    Select the checkbox next to a Display Name header to to make bulk decisions on everyone who has the selected role.
    Figure 5: Select the checkbox next to a Display Name header to to make bulk decisions on everyone who has the selected role.

  4. Select Bulk Decisions to reveal options for revoking access or reassigning review.
    Bulk revoking of access and reassignment is allowed.
    Figure 6:Bulk revoking of access and reassignment is allowed.

Reassign Users to Another Reviewer

  1. Select List on the Certification Campaign screen to display all identities.
    Select the list button on the Certification Campaign screen.
    Figure 7: The list button on the Certification Campaign screen.

  2. Select the checkboxes next to the names of the users you want to reassign.
  3. Select Reassign.
    Select Reassign after selecting one or more user identities from the list.
    Figure 8: Select Reassign after selecting one or more users from the list.

  4. Enter the reviewer you want to transfer the items to in the Recipient field.
    Enter the reviewer you want to transfer the items to in the Recipient field.
    Figure 9: Enter the reviewer you want to transfer the items to in the Recipient field.

  5. Select the Reassign button.
  6. Items must be completed before you can sign off on the review as a whole.
  7. All reassigned items will come back to you for final sign-off.

NOTE: You can only reassign to another reviewer once per line item, grouping or identity. 

 

Approve or Revoke Access

You can make two basic decisions on each line item: approve and revoke. These decisions will take effect after the entire review is complete and sign off is complete. The initial reviewer will always have the option of reviewing any decision made, even those that were reassigned to another reviewer.

  1. Select the Approve or Revoke button for each line item you are ready to decide on.
  2. Select Save Decisions. Items will move to the Review tab on the Certification Campaign screen.
    Select Save Decisions to save your progress.
    Figure 10: Select Save Decisions to save your progress.

  3. Select the Review tab on the Certification Campaign screen.
  4. Select the menu button to undo, revoke, or allow any of your decisions or decisions that were reassigned to another user, if necessary.
    View and make changes to existing decisions on the Review tab.
    Figure 11: View and make changes to existing decisions on the Review tab.

    NOTE: The Allow option acts as a temporary approve action and gives the user the access for a specific period of time that defaults to 1 month and then the access is revoked. It can be useful for employee transition periods where the exiting employee can assist the new hire for a period of time until they are comfortable performing the new duty.

  5. Once all decisions have been made, a screen will pop up asking you to sign off on the review marking it as complete. You may click the Sign-Off Decisions button to finish or click the Review Decisions and Sign-Off Later link to go back to the review tab.
    The sign-off access review screen.
    Figure 12: The sign-off access review screen.

NOTE: As a reminder, all reassigned portions of your access review must be signed off before final sign off can be complete.

Links

  • IdentityIQ (IIQ): Annual Access Review
  • IdentityIQ (IIQ): Position Change Access Review
  • Penn State IdentityIQ SharePoint Site 
  • Help and support options are available at the Penn State IT Support website
  • IIQ: FAQs for ERP Access Management

Copy Permalink

go to Penn State home page
  • Employment
  • |
  • Maps
  • |
  • Contact Us
  • |
  • Search

401 Old Main, University Park, Pennsylvania 16802

814-865-4700

  • Privacy
  • |
  • Non-discrimination
  • |
  • Equal Opportunity
  • |
  • Accessibility
  • |
  • Copyright

The Pennsylvania State University © 2020