Closing and Completing Certifications

1. Tracking Review Completion

Admins and Certification Owners can track review progress in Admin View → Access Reviews → Ongoing Certifications.

Reviewer Progress Visibility

• Monitor progress per certification and per entity (application or group).
• Check counts and progress bars (e.g., “432 of 432 records completed — 100%”).
• Open a certification to view reviewer status: In Progress, Completed, or Overdue.
• Drill into records to see reviewer actions (Approve / Modify / Revoke) and comments.

Sign-Off Tracking

• Identify reviewers who completed the actions and signed off the review.
• Flag reviewers who completed the actions but have not signed off the review.
• Use the Sign Off Pending filter in the reviewer table to confirm status.
• Progresses only when all reviewers sign off or when admins apply Force Sign-Off.

Reminder Emails and Triggers

• Automatic reminders:
  • 48 hours before Review End Date → Sent to reviewers with pending actions and to the Certification Owner.
  • 48 hours before Remediation End Date → Sent to the Certification Owner to close pending remediation tasks and complete the certification.
• Manual reminders
  • From the certification overview, click Send Reminder to notify all reviewers with pending actions or missing sign-offs.
  • Also from the show progress by reviewers view, select specific reviewers and send reminders only to those users.
  • Zluri prevents duplicate reminders by skipping anyone who received one in the past hour.

2. Force Sign-Off

Force Sign-Off allows Certification Owners (and Admins with appropriate permissions) to finalize reviews when reviewers fail to complete the sign-off step after finishing their actions.

Who can force sign-off

• Certification Owners are always permitted to trigger force sign-off.
• Admins with Owner, Admin, or IT Admin roles (or custom Access Reviews permissions, if enabled) can also perform this action.

When it's available

• Force sign-off is enabled only when reviewers have completed all their review actions for a specific entity but have not signed off.
• Pending reviews (incomplete actions) cannot be force signed off.
• The option to trigger force sign-off can be found in the Ongoing Certifications → Specific Entity → Menu → Show Progress by Reviewers section of the certification. This is where the reviewer status table appears, allowing admins to initiate the force sign-off.

Implications on progression

• Once a force sign-off is complete, the reviewer’s actions are locked and recorded as signed off.
• The application or group under review progresses to the next review level or the remediation stage, depending on the certification setup.
• This feature ensures certifications do not stall due to reviewers not confirming their review actions and helps keep review cycles on track for compliance deadlines.

3. Ready for Remediation

Once all records for an entity (application or group) are reviewed and signed off across all configured levels, Zluri marks the entity with a “Ready for Remediation” tag in the Admin View.

At the certification level, when all entities carry this tag, the certification transitions to a state where the Conclude Review action becomes available to the Certification Owner or Admins. This ensures that no remediation is triggered until every review cycle is finalized.

For full details on how remediation readiness works—including entity-level tags, multi-level dependencies, and certification-wide readiness—refer to the dedicated article: How Sign-Offs and Multi-Level Reviews Work in Zluri

4. Conclude Review

The Conclude Review action closes the review stage and moves the certification into remediation. This step ensures that all reviewer inputs are final before Zluri runs any remediation playbooks.

Who can conclude (roles and permissions)

• The Certification Owner can always conclude a review.
• Admins with the following roles can also perform this action:
  • Owner
  • Admin
  • IT Admin
• If the tenant uses custom admin roles, any user with full Access Reviews for Admins permission can conclude a review.

Playbook validation checks

When you attempt to conclude a certification, Zluri validates all linked remediation playbooks.

• The system checks that each playbook is active and published.
• If any playbook fails validation, Zluri blocks the conclusion step until you correct the issue.

• This prevents remediation from running without a valid configuration.

Error handling (unpublished playbooks, deleted actions)

• Zluri highlights errors when playbooks are unpublished, deleted, or misconfigured.

• The affected applications or groups will appear with error indicators in the Certification Overview.
• You must either republish the playbook or replace it with another remediation action.
• The certification remains blocked until you resolve the issue.

Ability to edit playbooks before conclusion

Playbooks can still be edited while the certification is in the review stage.

• Even after reviewers finish their actions and sign off, the linked playbooks can be modified.
• To edit the playbooks, navigate to the Certification Overview → Remediation Actions section, where modifications can be made to the existing playbooks.
• This flexibility allows adjustments to remediation steps before locking the configuration.
• Once Conclude Review is clicked, Zluri locks the setup and triggers remediation actions, preventing further edits.

5. Remediation Execution

Once you click Conclude Review, Zluri begins executing the remediation actions linked to the reviewer outcomes. The system processes all records marked as Revoke or Modify and runs the corresponding playbooks.

Automated vs manual playbooks

• If the application is integrated with Zluri and supports direct automation, the system runs the automated playbook actions immediately.
• If automation is not available or permissions are missing, the playbook generates a manual task. These tasks appear in the Task Dashboard and must be completed by the assigned owner or IT team.
  • Manual tasks can include actions like creating a Jira ticket, sending email notifications, or Slack messages (if integrations are configured).
• Both automated and manual tasks are recorded in the certification logs, ensuring traceability for all actions.

Run logs and status view per user

After concluding a certification, admins can monitor remediation progress directly from the Ongoing Certifications → Remediation Status panel.

• Each user record displays a real-time remediation status such as Pending, In Progress, Completed, or Failed.
• Clicking on a record opens the run log, which provides full traceability of the remediation execution.

The run log includes:

• Playbook executed – The remediation workflow linked to the reviewer’s decision.
• Action performed – Example: Remove User from Group, Disable Account, or Downgrade License.
• Executor – Whether the action was completed automatically by Zluri or manually by an assignee.
• Timestamps – Start and completion times for each step.
• Error messages – Displayed when permissions are missing or execution fails, with the option to retry or convert to a manual task.

This granular view ensures admins can track and audit every step of the remediation process, confirming that reviewer decisions translate into access changes.

Post-Conclude Monitoring by Admins

After conclusion, admins can track remediation progress from the Remediation Status view:

• Review the total number of actions pending vs completed.
• Filter by application, group, or user to isolate issues.
• Re-run failed playbook actions after correcting integration or permission errors.
• Verify that manual tasks are being completed on time by monitoring their due dates and assignees.
• Export logs for compliance or audit purposes.

6. Completing the Certification

Once all remediation actions are triggered, the certification enters its final phase. At this stage, the Certification Owner validates the outcomes and formally closes the certification.

• The Certification Owner can mark the certification as complete, even if remediation actions are still in progress, as long as those actions have been triggered.
• If any remediation actions are pending or in progress, this will be reflected in the status, and the remediation actions will continue even after the certification is marked as completed.

Final actions by Certification Owner

• Review the remediation status for all users and entities.
• Confirm that automated playbooks ran successfully and manual tasks were completed.
• Investigate any failed actions and rerun them if necessary.
• Validate that the certification meets compliance and audit requirements.

Marking certification as completed

• The Certification Owner clicks Complete Certification in the Admin View.

• Zluri immediately transitions the certification from the Ongoing tab to the Completed tab.
• The system generates a non-editable PDF report summarizing all review and remediation actions. This report is automatically sent to the Certification Owner and is available for download at any time from the Completed tab.
• Notifications confirm that the certification has been closed, and no further edits are possible.

Archiving recurring workflows

• If the certification was created as part of a recurring schedule, Zluri automatically generates the next instance based on the configured cadence (e.g., monthly, quarterly).
• To stop recurrence, the Certification Owner must archive the workflow. Archiving prevents Zluri from creating new future instances while preserving historical data for audit use.

• For more details on how recurrence works, see Recurring Certifications in Zluri.

7. Completed Certifications

Zluri lists all completed certifications under the Completed tab in the Access Reviews module. This section provides admins with a centralized location to review past certifications, download reports, and prepare for audits.

Viewing historical certifications

• Go to Access Reviews → Completed Tab.

• Each row lists the certification details, including:

  • Certification Name
  • Certification Owner
  • Entities Reviewed (apps or groups)
  • Review Status (e.g., 991 of 991 records completed)
  • Remediation Status (e.g., 13 remediation actions pending)

• Click any certification to open a drill-down summary, where each application or group appears as a card with:

  • Total records reviewed
  • Pending vs completed remediation actions
  • A View button for full logs
  

CSV vs PDF report download

• From the certification overview page, click the three-dot menu (⋮) in the top-right corner.
• Available options:
  • Export CSV Report – Provides detailed record-level data for all users and actions.
  • Export CSV for Excel – Delivers a version optimized for Excel import and analysis.
  • Download PDF Report – Generates a non-editable, timestamped certification report.
• Zluri displays a confirmation message (“Report is being generated”) and sends the file to the Certification Owner’s email. The report is also available for download from the Completed tab at any time.

Report contents and audit use cases

The downloaded PDF report includes:

• Certification metadata (name, owner, start and end dates).
• Reviewer actions for each record (Approve, Modify, Revoke).
• Mandatory comments and justifications for Modify/Revoke decisions.
• Remediation actions executed via playbooks.
• Timestamps for every decision and remediation event.

The CSV export provides row-level details for every user record, including actions taken, reviewer identity, and time of execution.

These reports serve as compliance evidence for a wide range of frameworks, including but not limited to:

• SOC 2
• ISO 27001
• SOX
• HIPAA
• GDPR
• PCI DSS
• and several other internal governance and external audit frameworks.

---