Performing Access Reviews
For Reviewers (via Employee View) and Certification Owners
1. Introduction
Zluri enables designated reviewers such as application owners, department heads, reporting managers, or individual users to participate in access certifications through the Employee View.
Reviewers are responsible for:
- Logging in using organization-provided SSO (Google or SAML). Learn more about configuring SAML here.
- Accessing assigned certifications
- Reviewing access for user records within specific applications or groups
- Selecting appropriate review actions: approve, revoke, or modify
- Providing justification comments where required (mandatory for revoke or modify)
- Confirming their actions by signing off once all assigned records are reviewed
Zluri applies self-review configurations to ensure objectivity:
- If Allow Self Review is enabled, reviewers may act on their own access records.
- If Auto-Reassign is enabled, such records are reassigned automatically to a different role or user (e.g., Reporting Manager, Department Head, Certification Owner, Fallback Reviewer).
Once all reviews are completed and signed off:
- If the certification is single-level, it proceeds to remediation, where admins or certification owners validate the outcomes and trigger playbooks.
- If the certification is multi-level, the records progress to the next level of reviewers, who continue the review cycle before remediation begins.
2. Accessing Assigned Certifications
Reviewers can access all assigned access certifications from the Access Reviews tab in the Employee View.
Steps:
- Log in to the Zluri Employee View.
- Click on Access Reviews from the left sidebar.
- Two tabs are available:
  - Pending Reviews – Shows all ongoing certifications and entities where the reviewer still has records to review and sign off.
  - Completed – Shows all ongoing or completed certifications where the reviewer has finished reviewing and signed off on all records assigned to them.
- Under Ongoing Certifications, each row includes:
  - Certification Name
  - Stage (e.g., Review Stage, Action Stage)
  - Certification Owner
  - Entities (e.g., app logos; for group reviews, group metadata like group name, number of members, and group source will be displayed)
  - Review Status (progress bar and count of completed records)
  - Due Date with status indicators (e.g., “Overdue: 5 days” or “Due in 6 days”)
- To begin a review, select any certification listed under the Ongoing tab.
- Once selected, the interface will show all assigned applications or groups for that certification.

What’s Editable vs Locked
- Editable:
  - While the certification is in the Ongoing tab, the assigned Current Reviewer can edit their decisions for each record (approve, modify, or revoke).
  - Comments can be added or updated (for Revoke or Modify actions) until the reviewer signs off.
- Locked:
  - After the reviewer clicks Sign Off, the actions become locked and no further edits can be made to the decisions or comments for that record.
  - Once the Sign Off is complete, the records are locked for that reviewer, and the process moves to the next stage of the review lifecycle.
Application vs Group Reviews UI
- Application Reviews:
  - The UI for reviewing applications displays user records related to specific applications, showing access statuses, assigned licenses, roles, and other application-specific attributes.
  - Reviewers can take actions based on these user attributes.
- Group Reviews:
  - The UI for group reviews is slightly different. Instead of application roles, it shows group membership details.
  - The Entities column will display metadata like group source (e.g., Okta, Azure AD) and the number of users in the group.
  - Filters are available for group-related data, and reviewers will focus on whether users should stay in or be removed from the group, rather than their application access status.
3. Reviewing Records
Once a certification and application or group are selected, the system displays a list of user records that require review. The columns shown are based on the configuration defined by the Certification Owner. Reviewers can evaluate whether access should be approved, modified, or revoked based on the user’s role and access level.
Reviewing Users
After opening a certification and selecting an application, the system displays a list of user records that require review. The columns shown in this table are configurable and vary based on what the certification owner selected during setup.
Common Column Types
The columns you see in the table will depend on how the certification owner configured them, but they often include:
- User Name
- User Email
- Employment Status
- User Application Status
- Assigned Licenses
- Department
- Role
- Last Login
Available Actions
In the Actions column, three icon-based options appear for each user record:
- Approve
  - Action: Confirms that access should be retained.
  - Comment: Optional.
  - Outcome: Clicking Approve saves the review immediately.
- Modify
  - Action: Indicates that access needs to be changed or downgraded.
  - Comment: Mandatory to provide justification.
  - Outcome: The Modify button remains disabled until a comment is entered.
- Revoke
  - Action: Indicates that access should be removed.
  - Comment: Mandatory to provide justification.
  - Outcome: Clicking Revoke finalizes the decision.

Notes:
- Real-time Saving: Review decisions are saved in real-time. As reviewers make decisions (approve, modify, revoke), changes are immediately recorded.
- Mandatory Comments: A comment is required for Modify and Revoke actions. If no comment is entered, Zluri will display a warning and disable submission.
- Editing Review Actions: All actions can be edited until the reviewer signs off. Once signed off, they are locked.
4. Bulk Selection & Editing
Zluri allows reviewers to update review actions for multiple users simultaneously using bulk selection. To do this:
- Select user records using the checkboxes in the first column of the table.
- Once one or more records are selected, the Bulk Edit menu appears at the top of the table.
- Choose the desired action: Approve, Modify, or Revoke.
- If Modify or Revoke is selected, a mandatory comment is required and applied to all selected rows.
- Click Save to apply the changes in bulk.
Bulk edit ensures consistency for users with similar access patterns and helps reduce repetitive manual steps. All bulk updates are recorded with the same audit trail as individual actions.

5. Editing Review Decisions
Reviewers can update previously submitted review actions for any user record until they sign off.
To Change a Review Action:
- Locate the user row with an existing action (e.g., Approved, Modify, Revoke).
- Hover over the action badge to see the Edit (✏️) icon.
- Click the Edit icon.
- In the dropdown menu, select Change Action.
- Choose a new action:
  - Approve
  - Modify
  - Revoke
- Enter a mandatory comment justifying the change.
- Click Save to confirm the updated action.

Notes:
- Comments are always required when modifying an existing action.
- All changes are captured in the activity trail and included in the final certification report.
- Edits are only allowed before sign-off. Once signed off, records become locked and cannot be changed.
6. Delegating Reviews
Zluri supports delegation of access review records through bulk delegation. This feature helps reassign responsibility when the original reviewer is unavailable or when specific records require input from a different stakeholder.
Bulk Delegation
To reassign reviews for multiple users at once:
- Select user records using the checkboxes in the leftmost column.
- Click Bulk Edit at the top-left of the table.
- Select Delegate Review.
- Use the search bar to find and assign the new reviewer.
- Confirm by clicking Continue.

Notes
- Only Pending reviews can be reassigned.
- Delegation can be performed by the assigned reviewer or the certification owner.
- After delegation:
  - The original reviewer no longer sees the reassigned records.
  - The new reviewer sees the delegated records in their review task list.
  - Audit logs capture the delegation action and updated reviewer identity.
7. Zluri Insights
Zluri provides automated insights to help reviewers prioritize records that may require closer attention during an access review.
These insights may include:
- High-risk access assignments
- Users with inactive accounts but active access
- Access outliers based on app usage or department alignment
- Unusual privilege levels compared to similar roles
Insight indicators are displayed within the user review list and are highlighted visually to assist with faster decision-making.
Reviewers can use these flags to triage reviews and focus on users who present elevated risk or deviation from access norms.
8. Signing Off
After completing all assigned review actions for a certification, reviewers must finalize their inputs by signing off.
Steps to sign off:
- Go to Access Reviews → Ongoing tab
- Click the assigned certification
- Select the assigned application or group
- Complete review actions for all users
- Confirm the top bar shows 100% records completed
- Click the Sign Off button at the top right
- Click Confirm in the prompt.

Once signed off:
- All actions become locked and non-editable.
- The reviewer’s responsibility for the certification ends.
- The application moves to the next stage in the certification workflow.
Signing off acts as a final confirmation and is required before the certification can proceed to the remediation or completion phases.
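The rules described in this guide (mandatory comments for Modify and Revoke, the Allow Self Review setting, and sign-off only once every record has an action) can be checked independently over a set of review records. The following is an added example, not Zluri code: the record fields, function name, and sample data are assumptions constructed for illustration and do not reflect Zluri's actual export format.

```python
from dataclasses import dataclass

ACTIONS = {"approve", "modify", "revoke"}

@dataclass
class ReviewRecord:
    # Hypothetical record shape; not Zluri's actual export format.
    user: str           # account whose access is being reviewed
    reviewer: str       # account that recorded the decision
    action: str = ""    # "" means still pending
    comment: str = ""

def audit_reviews(records, allow_self_review=False, signed_off=False):
    """Return (user, finding) pairs for records that break the review rules."""
    findings = []
    for r in records:
        action = r.action.strip().lower()
        if action and action not in ACTIONS:
            findings.append((r.user, "unknown action"))
        # Modify and Revoke must carry a justification comment.
        if action in ("modify", "revoke") and not r.comment.strip():
            findings.append((r.user, "missing justification"))
        # A decision on one's own access is only valid if self-review is allowed.
        if action and not allow_self_review and r.user.lower() == r.reviewer.lower():
            findings.append((r.user, "self-review"))
        # Sign-off requires every assigned record to have an action.
        if signed_off and not action:
            findings.append((r.user, "signed off while pending"))
    return findings

# Constructed sample data for illustration.
SAMPLE = [
    ReviewRecord("ana@example.com", "lee@example.com", "approve"),
    ReviewRecord("bo@example.com", "lee@example.com", "revoke", "Left the team"),
    ReviewRecord("cy@example.com", "lee@example.com", "modify", "   "),
    ReviewRecord("lee@example.com", "Lee@example.com", "approve"),
    ReviewRecord("dee@example.com", "lee@example.com"),
]

if __name__ == "__main__":
    for user, finding in audit_reviews(SAMPLE, signed_off=True):
        print(f"{user}: {finding}")
```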
10. Multi-Level Review Handling
Zluri supports multi-level reviews to accommodate scenarios where multiple validations of user access are required for compliance purposes. For a detailed explanation, please refer to How Sign-Offs and Multi-Level Reviews Work in Zluri.
11. Reviewer Notification Triggers
Zluri ensures reviewers stay informed at key points during the access review process through automated notifications. These notifications help maintain timely completion and prevent bottlenecks.
Reviewers receive notifications for the following events:
- Assignment of Records: Reviewers are notified when new records are assigned to them for review.
- Pending Reviews: Reminders are sent if reviews are pending as the due date approaches.
- Multi-Level Reviews: Reviewers at subsequent levels are notified once the previous level has completed and signed off.
These notifications can be delivered via in-app alerts, email, or integrated messaging platforms (if configured).