Access Reviews Overview
Access Reviews is a critical process performed by InfoSec teams to ensure that the access granted to users for each application within an organization’s tech stack is accurate, appropriate, and aligned with security and compliance policies.
Zluri’s Access Reviews module facilitates this process in a streamlined and efficient manner, providing centralized visibility into all applications that require review while offering detailed information necessary for these reviews. With Zluri, users can manage multiple app reviews efficiently, assign reviewers, and implement post-review actions.
Access Review Roles and Due Dates
Roles
- Primary Reviewer: Responsible for reviewing access certifications, verifying, and taking actions such as approving, rejecting, or modifying access.
- Fallback Reviewer: Assigned as the reviewer if the primary reviewer is unavailable or not correctly configured.
- Certification Owner: Validates access reviews, ensures completion of the review process and oversees actions taken based on reviews.
Due Dates
- Review Start Date: Based on the start date, a certification is listed under one of two sections: Ongoing Certifications or Upcoming Certifications.
- Review End Date: Reviewers with pending reviews will receive alerts, along with the certification owner.
- Remediation End Date: The certification owner will be notified to finalize any pending remediation actions and tasks.
Prerequisites
Before initiating access reviews, ensure the following:
- Necessary roles must be set up to assign appropriate responsibilities and permissions for conducting access reviews efficiently.
- Deprovisioning app playbooks must be configured to automate actions for revoking or modifying access based on review outcomes.
- Required integrations must be connected and scoped properly to enable automated workflow actions during the access review process, ensuring seamless execution of tasks across applications.
Creating a Deprovisioning Playbook
- Navigate to the desired application on Zluri.
- Navigate to Automation > Deprovisioning tab and click Add to create a new playbook.
Note: Next, a pop-up window will appear, displaying all available de-provisioning actions.
- Add de-provisioning actions, ensuring integrations are connected.
Note:
- If the integration is available but not connected, you can see it listed. Clicking on the integration name will redirect you to the connection screen.
- Once the integration is connected, you can select the instance and choose the automated action to remove or downgrade user access.
- You also have the option to convert the action to a manual task by clicking Convert to Manual Task if integration is not desired.
- Choose a template, add details, and save changes to publish the playbook.
- After configuring the necessary actions for access revocation or downgrade, click Publish App Playbook to create the playbook.
- To view the published Deprovisioning Playbook, click View Runs or navigate to the Runs tab from the sidebar menu.
Access Review Process
Creating a Certification
- Navigate to the Access Review tab and click Create New Certification.
- Provide the following Certification Details and click Next.
- Certification Name
- Certification Owner
- Description (optional)
- Complete the following Set Up Certification steps.
- Click Add Application to select Applications to include, and click Next.
- Specify Reviewers (Primary and Fallback) and click Next.
- Choose Users for review using relevant filters and click Next.
- Select Data Columns for reviewer visibility and reference and click Next.
Note:
- Upon clicking Save Application, you will be directed to the Set Up Certification page, where additional applications can be added.
- Users can modify or delete the added application by selecting the edit or delete icon.
- Upon adding the applications, click Next.
- Complete Setup for the access certification.
- Specify the Review Start Date and End Date.
- Specify the Remediation End Date and click Create Certification.
Note: The automated reminders will be sent 48 hours before the due dates to the associated users.
Reviewing a Certification
Reviewers can access ongoing certifications and take actions on user access (approve, modify, revoke).
- Navigate to the Access Reviews > Ongoing tab to view the open certifications list.
- Find and click your certification name to open its dashboard page.
- Click on the application name to view review details in a sidesheet.
Note: The reviewer and the certification owner can approve, remove or modify access by clicking on the actions icon for the users.
- Review user details and take actions (approve, remove, modify) as needed.
Note:
- For removal or modification of access, it is necessary to add comments for the actions taken, as this creates a record for audit purposes that can be referred to in the report.
- Reviewers can select multiple or all users and select Bulk Review Action or Delegate Review from the Bulk Edit drop-down.
- Reviewers cannot review their own access.
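The roles, due dates and review rules above (primary reviewer with a fallback, 48-hour reminders before each due date, Upcoming versus Ongoing status, no self-review, a mandatory comment on remove/modify, and Conclude Review handing only remove/modify decisions to the playbook) can be exercised offline with the following model. This is an added example, not Zluri's code or API: the class and function names, and the sample certification with its users and dates, are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# The page states that automated reminders go out 48 hours before the due dates.
REMINDER_LEAD = timedelta(hours=48)
ACTIONS = ("approve", "remove", "modify")


@dataclass
class Certification:
    """Assumed data model for one access certification (not a Zluri identifier)."""
    name: str
    owner: str                      # Certification Owner
    primary_reviewer: str           # Primary Reviewer
    fallback_reviewer: Optional[str]
    users: list                     # users in scope for the app under review
    review_start: datetime
    review_end: datetime
    remediation_end: datetime
    decisions: dict = field(default_factory=dict)  # user -> (action, comment, reviewer)

    def status(self, now: datetime) -> str:
        """Upcoming before the Review Start Date, Ongoing from then on."""
        return "Upcoming" if now < self.review_start else "Ongoing"

    def reviewer_for(self, available: set) -> str:
        """Primary reviewer unless unavailable or unset, otherwise the fallback."""
        if self.primary_reviewer and self.primary_reviewer in available:
            return self.primary_reviewer
        if self.fallback_reviewer and self.fallback_reviewer in available:
            return self.fallback_reviewer
        raise LookupError(f"no available reviewer for {self.name}")

    def review(self, reviewer: str, user: str, action: str, comment: str = "") -> None:
        """Record one decision, enforcing the rules stated on the page."""
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        if reviewer not in (self.primary_reviewer, self.fallback_reviewer, self.owner):
            raise PermissionError(f"{reviewer} is not a reviewer on {self.name}")
        if reviewer == user:
            raise PermissionError("reviewers cannot review their own access")
        if user not in self.users:
            raise LookupError(f"{user} is not in scope")
        if action != "approve" and not comment.strip():
            raise ValueError("a comment is required when removing or modifying access")
        self.decisions[user] = (action, comment.strip(), reviewer)

    def pending(self) -> list:
        """Users still awaiting a decision (what the Review End Date alerts are about)."""
        return [u for u in self.users if u not in self.decisions]

    def conclude(self) -> list:
        """Conclude Review: the (user, action) pairs the deprovisioning playbook runs."""
        if self.pending():
            raise RuntimeError(f"{len(self.pending())} review(s) still pending")
        return [(u, a) for u, (a, _c, _r) in self.decisions.items() if a != "approve"]

    def reminder_times(self) -> dict:
        """When the 48-hour reminders for the two due dates should fire."""
        return {
            "review_end": self.review_end - REMINDER_LEAD,
            "remediation_end": self.remediation_end - REMINDER_LEAD,
        }


def rejected_reason(cert: Certification, reviewer: str, user: str,
                    action: str, comment: str = "") -> Optional[str]:
    """Return the refusal message if a review is rejected, else None."""
    try:
        cert.review(reviewer, user, action, comment)
    except (PermissionError, ValueError, LookupError) as exc:
        return str(exc)
    return None


def sample_certification() -> Certification:
    """A constructed certification (sample users and dates) for exercising the rules."""
    return Certification(
        name="Q2 CRM access review",
        owner="owner@example.com",
        primary_reviewer="alice@example.com",
        fallback_reviewer="bob@example.com",
        users=["carol@example.com", "dave@example.com", "alice@example.com"],
        review_start=datetime(2024, 6, 3),
        review_end=datetime(2024, 6, 17),
        remediation_end=datetime(2024, 6, 24),
    )


if __name__ == "__main__":
    cert = sample_certification()
    cert.review("alice@example.com", "carol@example.com", "remove", "left the team")
    cert.review("alice@example.com", "dave@example.com", "approve")
    # alice is both reviewer and in scope, so the fallback must review her access
    cert.review("bob@example.com", "alice@example.com", "modify", "downgrade to viewer")
    print(cert.conclude())  # playbook inputs: carol removed, alice modified
```

The self-review rule is what makes the fallback reviewer more than a contingency: whenever the primary reviewer's own account is in scope for the application, someone else (fallback or certification owner) has to record that decision before Conclude Review can run.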
Conclude Review
- Upon review completion, close the side sheet and click Conclude Review on the dashboard to run the actions.
Note: App playbooks configured earlier will run automatically based on review actions.
Complete Certification
Note:
- A detailed PDF report is generated and sent to the certification owner.
- All the certifications marked as completed will be available under the Access Reviews > Completed tab.
Additional Functionality
- Notifications: Automated notifications are sent to reviewers for pending reviews and upcoming deadlines.
- Cloning Campaign: Clone a previous certification from its dashboard page in the Ongoing or Completed tab to reuse its configuration for similar reviews.
- Show progress by reviewers: The certification owner can see the progress of each reviewer assigned to an access review campaign and send reminders to specific reviewers, or to all reviewers, who still have pending reviews to complete.
- Employee View: Employees (app users) can view and take action on certifications assigned to them as reviewers.