Performing Access Reviews
For Reviewers (via Employee View) and Certification Owners
1. Introduction
Zluri enables designated reviewers such as application owners, department heads, reporting managers, or individual users to participate in access certifications through the Employee View.
Reviewers are responsible for:
- Logging in using organization-provided SSO (Google or SAML). Learn more about configuring SAML here.
- Accessing assigned certifications
- Reviewing access for records within specific applications or groups
- Selecting appropriate review actions: approve, revoke, or modify
- Providing justification comments where required (mandatory for revoke or modify)
- Confirming their actions by signing off once all assigned records are reviewed
Zluri applies self-review configurations to ensure objectivity:
- If Allow Self Review is enabled, reviewers may act on their own access records.
- If Auto-Reassign is enabled, such records are reassigned automatically to a different role or user (e.g., Reporting Manager, Department Head, Certification Owner, Fallback Reviewer).
Once all reviews are completed and signed off:
- If the certification is single-level, it proceeds to remediation, where admins or certification owners validate the outcomes and trigger playbooks.
- If the certification is multi-level, the records progress to the next level of reviewers, who continue the review cycle before remediation begins.
2. Accessing Assigned Certifications
Reviewers can access all assigned access certifications from the Access Reviews tab in the Employee View.
Steps:
- Log in to the Zluri Employee View.
- Click on Access Reviews from the left sidebar.
- Two tabs are available:
  - Pending Reviews – Shows all ongoing certifications and entities where the reviewer still has records to review and sign off.
  - Completed – Shows all ongoing or completed certifications where the reviewer has finished reviewing and signed off on all records assigned to them.
- Under Ongoing Certifications, each row includes:
  - Certification Name
  - Stage (e.g., Review Stage, Action Stage)
  - Certification Owner
  - Entities (e.g., app logos; for group reviews, group metadata like group name, number of members, and group source will be displayed)
  - Review Status (progress bar and count of completed records)
  - Due Date with status indicators (e.g., “Overdue: 5 days” or “Due in 6 days”)
- To begin a review, select any certification listed under the Ongoing tab.
- Once selected, the interface will show all assigned applications or groups for that certification.
What’s Editable vs Locked
- Editable:
  - While the certification is in the Ongoing tab, the assigned Current Reviewer can edit their decisions for each record (approve, modify, or revoke).
  - Comments can be added or updated (for Revoke or Modify actions) until the reviewer signs off.
- Locked:
  - After the reviewer clicks Sign Off, the actions become locked and no further edits can be made to the decisions or comments for that record.
  - Once the Sign Off is complete, the records are locked for that reviewer, and the process moves to the next stage of the review lifecycle.
Application vs Group Reviews UI
- Application Reviews:
  - The UI for reviewing applications displays records tied to specific apps.
  - The visible attributes (e.g., access status, assigned licenses, roles, last login) depend on what the certification creator chose while setting up the certification.
  - Reviewers can take actions based on these user attributes.
- Group Reviews:
  - The UI for group reviews is slightly different. Instead of application roles, it shows group membership details.
  - The Entities column will display metadata like group source (e.g., Okta, Azure AD) and the number of users in the group.
  - Filters are available for group-related data, and reviewers will focus on whether users should stay in or be removed from the group, rather than their application access status.
3. Zluri Insights
Zluri provides automated insights to help reviewers prioritize records that may require closer attention during an access review. These insights act as signals for unusual or high-risk access patterns.
Examples of insights include:
- High-risk access assignments
- Users with inactive accounts but active access
- Access outliers based on app usage or department alignment
- Unusual privilege levels compared to similar roles
Insights are visually highlighted in the review table so reviewers can quickly identify records that need scrutiny.
In addition to flagging potential risks, Zluri also provides recommended actions where possible. For example:
- If a user is inactive but still holds a license, Zluri may recommend revoking access.
- If a user has a high-privilege role that seems inconsistent with peers, Zluri may recommend modifying access to a standard role.
- If the account is active and access usage aligns with role expectations, Zluri may suggest approving access.
These recommendations help reviewers make faster, more consistent decisions while reducing the chance of oversight.

4. Reviewing Records
Once a certification and application or group are selected, the system displays a list of records that require review. The columns shown are based on the configuration defined by the Certification Owner. Reviewers can evaluate whether access should be approved, modified, or revoked based on the user’s role and access level.
Reviewing Users
After opening a certification and selecting an application, the system displays a list of records that require review. The columns shown in this table are configurable and vary based on what the certification owner selected during setup.
Common Column Types
The columns displayed in the review table depend on how the Certification Owner configured the certification.
- For application reviews, columns typically include app-specific attributes such as roles, licenses, or last login.
- For group reviews, columns focus on user-related attributes like employment status, department, or group role since app-specific fields are not relevant.
Examples of commonly seen columns:
- User Name
- User Email
- Employment Status
- Application Access Status (for apps)
- Assigned Licenses (for apps)
- Department
- Role / Group Role (depending on entity type)
- Last Login (for apps)
Available Actions
In the Actions column, three icon-based options appear for each record:
- Approve
  - Action: Confirms that access should be retained.
  - Comment: Optional.
  - Outcome: Clicking Approve saves the review immediately.
- Modify
  - Action: Indicates that access needs to be changed or downgraded (e.g., revoke admin role, downgrade license type).
  - Comment: Mandatory, with details of the required changes.
  - Outcome: The Modify button remains disabled until a comment is entered.
- Revoke
  - Action: Indicates that access should be fully removed.
  - Comment: Mandatory, with justification for revocation.
  - Outcome: Clicking Revoke finalizes the decision.

Using Insights & Recommended Actions
Alongside these action options, Zluri Insights may highlight specific records as high-risk or unusual based on factors like:
- Inactive users who still hold app access.
- Access outliers (e.g., user with a role not common in their department).
- High-privilege assignments.
- Misaligned access vs. app usage patterns.
For flagged users, Zluri may also display recommended actions (e.g., “Revoke unused access,” or “Downgrade license to standard”).
Reviewers can use these insights and recommendations to guide decisions more confidently, ensuring faster triage of high-risk access without having to analyze every record from scratch.
Notes:
- Real-time Saving: Review decisions are saved in real-time. As reviewers make decisions (approve, modify, revoke), changes are immediately recorded.
- Mandatory Comments: A comment is required for Modify and Revoke actions. If no comment is entered, Zluri will display a warning and disable submission.
- Editing Review Actions: All actions can be edited until the reviewer signs off. Once signed off, they are locked.
5. Bulk Selection & Editing
Zluri allows reviewers to update review actions for multiple users simultaneously using bulk selection. To do this:
- Select records using the checkboxes in the first column of the table.
- Once one or more records are selected, the Bulk Edit menu appears at the top of the table.
- Choose the desired action: Approve, Modify, or Revoke.
- If Modify or Revoke is selected, a mandatory comment is required and applied to all selected rows.
- Click Save to apply the changes in bulk.
Bulk edit ensures consistency for users with similar access patterns and helps reduce repetitive manual steps. All bulk updates are recorded with the same audit trail as individual actions.

6. Editing Review Decisions
Reviewers can update previously submitted review actions for any record until they sign off.
To Change a Review Action:
- Locate the user row with an existing action (e.g., Approved, Modify, Revoke).
- Hover over the action badge to see the Edit (✏️) icon.
- Click the Edit icon.
- In the dropdown menu, select Change Action.
- Choose a new action:
  - Approve
  - Modify
  - Revoke
- Enter a mandatory comment justifying the change.
- Click Save to confirm the updated action.
Notes:
- Comments are always required when modifying an existing action.
- All changes are captured in the activity trail and included in the final certification report.
- Edits are only allowed before sign-off. Once signed off, records become locked and cannot be changed.
7. Delegating Reviews
Zluri supports delegation of access review records through bulk delegation. This feature helps reassign responsibility when the original reviewer is unavailable or when specific records require input from a different stakeholder.
Bulk Delegation
To reassign reviews for multiple users at once:
- Select records using the checkboxes in the leftmost column.
- Click Bulk Edit at the top-left of the table.
- Select Delegate Review.
- Use the search bar to find and assign the new reviewer.
- Confirm by clicking Continue.

Notes
- Only Pending reviews that are yet to be signed off can be reassigned.
- Delegation can be performed by the assigned reviewer or the certification owner. Admins with Owner, Admin, or IT Admin roles (or custom Access Reviews permissions, if enabled) can also perform this action.
- After delegation:
  - The original reviewer no longer sees the reassigned records.
  - The new reviewer sees the delegated records in their review task list.
  - Audit logs capture the delegation action and updated reviewer identity.
8. Signing Off
After completing all assigned review actions for a certification, reviewers must finalize their inputs by signing off.
Steps to sign off:
- Go to Access Reviews → Ongoing tab.
- Click the assigned certification.
- Select the assigned application or group.
- Complete review actions for all users.
- Confirm the top bar shows 100% records completed.
- Click the Sign Off button at the top right.
- Click Confirm in the prompt.
Once signed off:
- All actions become locked and non-editable.
- The reviewer’s responsibility for the certification ends.
- The application moves to the next stage in the certification workflow.
Signing off acts as a final confirmation and is required before the certification can proceed to the remediation or completion phases.
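The review rules described in this guide (mandatory comments for Modify and Revoke, self-review handling, complete records before sign-off, and locked decisions afterwards) can be checked independently by an auditor against an exported record list. The following is an added example, not Zluri code: the field names and sample rows are constructed assumptions, since this page does not show Zluri's report format.

```python
from datetime import datetime

NEEDS_COMMENT = {"modify", "revoke"}

# Constructed sample rows; the field names are assumptions, not Zluri's report schema.
SIGNED = "2024-05-02T09:00"
RECORDS = [
    {"user": "ana@example.com", "reviewer": "mgr@example.com", "action": "approve",
     "comment": "", "decided_at": "2024-05-01T10:00", "signed_off_at": SIGNED},
    {"user": "bo@example.com", "reviewer": "mgr@example.com", "action": "revoke",
     "comment": "  ", "decided_at": "2024-05-01T10:05", "signed_off_at": SIGNED},
    {"user": "MGR@example.com", "reviewer": "mgr@example.com", "action": "approve",
     "comment": "", "decided_at": "2024-05-01T10:10", "signed_off_at": SIGNED},
    {"user": "cy@example.com", "reviewer": "mgr@example.com", "action": "modify",
     "comment": "downgrade to standard license", "decided_at": "2024-05-03T12:00",
     "signed_off_at": SIGNED},
    {"user": "di@example.com", "reviewer": "mgr@example.com", "action": None,
     "comment": "", "decided_at": None, "signed_off_at": SIGNED},
]

def audit(records, allow_self_review=False):
    """Return (user, finding) pairs for records that break the review rules."""
    findings = []
    for r in records:
        user, action = r["user"].lower(), r["action"]
        signed = r["signed_off_at"] and datetime.fromisoformat(r["signed_off_at"])
        decided = r["decided_at"] and datetime.fromisoformat(r["decided_at"])
        # Modify and Revoke must carry a justification comment.
        if action in NEEDS_COMMENT and not r["comment"].strip():
            findings.append((user, "missing_comment"))
        # With Allow Self Review off, nobody should decide on their own access.
        if not allow_self_review and action and user == r["reviewer"].lower():
            findings.append((user, "self_review"))
        # Sign-off requires every assigned record to have a decision.
        if signed and action is None:
            findings.append((user, "signed_off_incomplete"))
        # Decisions are locked at sign-off, so none should be dated after it.
        if signed and decided and decided > signed:
            findings.append((user, "changed_after_signoff"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(RECORDS):
        print(f"{finding:24} {user}")
```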
9. Multi-Level Review Handling
Zluri supports multi-level reviews to accommodate scenarios where multiple validations of user access are required for compliance purposes. For a detailed explanation, please refer to How Sign-Offs and Multi-Level Reviews Work in Zluri.
10. Reviewer Notification Triggers
Zluri keeps reviewers informed at key points to maintain timely completion and prevent bottlenecks.
- Assignment of records: Zluri sends a notification immediately when new records are assigned to a reviewer.
- Pending reviews (automatic reminders):
  - Zluri sends an automatic reminder 48 hours before the Review End Date to reviewers who still have pending records.
  - Zluri also sends an automatic reminder 48 hours before the Remediation End Date to the Certification Owner to close pending remediation tasks.
- Pending reviews (manual reminders): Certification Owners and Admins can send manual reminders at any time to selected reviewers who have pending actions or have not signed off.
- Multi-level reviews: Zluri notifies the next-level reviewers as soon as the previous level signs off, indicating their level has started.
Delivery channels: in-app alerts and email by default; integrated messaging (e.g., Slack/Teams) if configured.