Closing and Completing Certifications

1. Tracking Review Completion

Certification Owners and Admins can monitor review progress from the certification overview in Admin View → Access Reviews.

Reviewer progress visibility

• See per-application and per-reviewer status (completed vs. pending records).
• View counts and progress bars (e.g., “991 of 991 records completed”).
• Open the reviewer list to identify who is in progress, completed, or overdue.
• Drill down to the record list to inspect actions (Approve/Modify/Revoke) and comments.

Sign-off tracking

• Track which reviewers have completed actions and which have also signed off.
• Reviewers who finished actions but haven’t signed off remain highlighted as pending sign-off.
• Use the reviewer status table to filter by Signed Off, Completed (Not Signed Off), and Pending.

Reminder emails and triggers

• Automatic reminders (48-hour alerts):
  • Review end date: notifies reviewers with pending reviews and the certification owner.
  • Remediation end date: notifies the certification owner to close pending remediation tasks.
• Manual reminders:
  • From the reviewer list, select one or more users with pending reviews or missing sign-offs and send a reminder.
  • Use this to nudge specific reviewers or teams without waiting for system reminders.

2. Force Sign-Off

Force Sign-Off allows Certification Owners (and Admins with appropriate permissions) to finalize reviews when reviewers fail to complete the sign-off step after finishing their actions.

Who can force sign-off

• Certification Owners are always permitted to trigger force sign-off.
• Admins with Owner, Admin, or IT Admin roles (or custom Access Reviews permissions, if enabled) can also perform this action.

When it's available

• Force sign-off is enabled only when reviewers have completed their review actions but have not signed off.
• Pending reviews (incomplete actions) cannot be force signed off.
• The option appears in the reviewer status table under each certification.

Implications on progression

• Once forced, the reviewer’s actions are locked and marked as signed off.
• The application or group under review progresses to the next review level or the remediation stage, depending on the certification setup.
• This feature ensures certifications do not stall due to unsubmitted sign-offs and keeps review cycles on track for compliance deadlines.

3. Ready for Remediation

Once all records for an entity (application or group) are reviewed and signed off across all configured levels, Zluri marks the entity with a “Ready for Remediation” tag in the Admin View.

At the certification level, when all entities carry this tag, the certification transitions to a state where the Conclude Review action becomes available to the Certification Owner or Admins. This ensures that no remediation is triggered until every review cycle is finalized.

For full details on how remediation readiness works—including entity-level tags, multi-level dependencies, and certification-wide readiness—refer to the dedicated article: How Sign-Offs and Multi-Level Reviews Work in Zluri

4. Conclude Review

The Conclude Review action closes the review stage and moves the certification into remediation. This step ensures that all reviewer inputs are final before Zluri runs any remediation playbooks.

Who can conclude (roles and permissions)

• The Certification Owner can always conclude a review.
• Admins with the following roles can also perform this action:
  • Owner
  • Admin
  • IT Admin
• If the tenant uses custom admin roles, any user with full Access Reviews for Admins permission can conclude a review.

Playbook validation checks

When you attempt to conclude a certification, Zluri validates all linked remediation playbooks.

• The system checks that each playbook is active and published.
• If any playbook fails validation, Zluri blocks the conclusion step until you correct the issue.
• This prevents remediation from running without a valid configuration.

Error handling (unpublished playbooks, deleted actions)

Zluri highlights errors when playbooks are unpublished, deleted, or misconfigured.

• The affected applications or groups appear with error indicators.
• You must either republish the playbook or replace it with another remediation action.
• The certification remains blocked until you resolve the issue.

Ability to edit playbooks before conclusion

You can still edit playbooks while the certification is in the review stage.

• Even after reviewers finish their actions and sign off, you can modify the linked playbooks.
• This flexibility allows you to adjust remediation steps before you lock the configuration.
• Once you click Conclude Review, Zluri locks the setup and triggers remediation actions.

5. Remediation Execution

Once you click Conclude Review, Zluri begins executing the remediation actions linked to the reviewer outcomes. The system processes all records marked as Revoke or Modify and runs the corresponding playbooks.

Automated vs manual playbooks

• If the application is integrated with Zluri and supports direct automation, the system runs the automated playbook actions immediately.
• If automation is not available or permissions are missing, the playbook generates a manual task. These tasks appear in the Admin View and must be completed by the assigned owner or IT team.
• Both automated and manual tasks are recorded in the certification logs.

Run logs and status view per user

• Each user record shows the remediation status (e.g., Pending, In Progress, Completed, Failed).
• Clicking on the status opens a detailed view of the run log, including:
  • The specific playbook executed.
  • The action performed (e.g., Remove User from Group).
  • The executor (automated system or manual assignee).
  • Timestamps for initiation and completion.
  • Error messages, if the action failed.
• These logs provide a traceable record for every remediation step.

What admins can monitor post-conclude

After conclusion, admins can track remediation progress from the Remediation Status view:

• Review the total number of actions pending vs completed.
• Filter by application, group, or user to isolate issues.
• Re-run failed playbook actions after correcting integration or permission errors.
• Verify that manual tasks are being completed on time by monitoring their due dates and assignees.
• Export logs for compliance or audit purposes.

6. Completing the Certification

Once all remediation actions are complete, the certification enters its final phase. At this stage, the Certification Owner validates the outcomes and formally closes the certification.

Final actions by Certification Owner

• Review the remediation status for all users and entities.
• Confirm that automated playbooks ran successfully and manual tasks were completed.
• Investigate any failed actions and rerun them if necessary.
• Validate that the certification meets compliance and audit requirements.

Marking certification as completed

• The Certification Owner clicks Complete Certification in the Admin View.
• Zluri immediately transitions the certification from the Ongoing tab to the Completed tab.
• The system generates a non-editable PDF report summarizing all review and remediation actions.

Completion triggers and notifications

• Once marked complete:
  • Zluri emails the certification report to the Certification Owner.
  • Admins and reviewers can download the report at any time from the Completed tab.
  • Notifications confirm that the certification has closed and no further edits are possible.

Archiving recurring workflows

• If the certification was created as part of a recurring schedule, Zluri automatically generates the next instance based on the configured cadence (e.g., monthly, quarterly).
• To stop recurrence, the Certification Owner must archive the workflow. Archiving prevents Zluri from creating new future instances while preserving historical data for audit use.
• For more details on how recurrence works, see Recurring Certifications in Zluri.

7. Completed Certifications

Zluri archives all finished certifications under the Completed tab in the Access Reviews module. This section provides admins with a centralized location to review past certifications, download reports, and prepare for audits.

Viewing historical certifications

• Go to Access Reviews → Completed Tab.

• Each row lists the certification details, including:

  • Certification Name
  • Certification Owner
  • Entities Reviewed (apps or groups)
  • Review Status (e.g., 991 of 991 records completed)
  • Remediation Status (e.g., 13 remediation actions pending)

• Click any certification to open a drill-down summary, where each application or group appears as a card with:

  • Total records reviewed
  • Pending vs completed remediation actions
  • A View button for full logs

  

CSV vs PDF report download

• From the certification overview page, click the three-dot menu (⋮) in the top-right corner.
• Available options:
  • Export CSV Report – Provides detailed record-level data for all users and actions.
  • Export CSV for Excel – Delivers a version optimized for Excel import and analysis.
  • Download PDF Report – Generates a non-editable, timestamped certification report.
• Zluri displays a confirmation message (“Report is being generated”) and sends the file to the Certification Owner’s email. The report is also available for download from the Completed tab at any time.

Report contents and audit use cases

The downloaded PDF report includes:

• Certification metadata (name, owner, start and end dates).
• Reviewer actions for each record (Approve, Modify, Revoke).
• Mandatory comments and justifications for Modify/Revoke decisions.
• Remediation actions executed via playbooks.
• Timestamps for every decision and remediation event.

The CSV export contains row-level detail for every user record, including actions taken, reviewer identity, and time of execution.

These reports serve as compliance evidence for:

• SOC 2
• ISO 27001
• GDPR
• Internal governance and audit frameworks