Creating a Certification Campaign

A certification campaign is represented by a campaign entry in the Provisioning domain.

Steps to Create a New User Certification Campaign

  1. Navigate to the sub-view Certification Campaigns in the view group Provisioning.

  2. Right-click an appropriate parent container and select:

    New → CertificationCampaign

  3. Provide values for the following mandatory fields:

Mandatory Fields

  • Name The name of the campaign. This will be displayed to approvers and included in emails.

  • Type The campaign type. Choose one of:

    • User Certification

    • Privilege Certification

  • Owner A user in the domain who will be considered the campaign owner.

  • Reminder Notifications Define:

    • The period before the campaign due date when reminders should start.

    • The interval at which reminders are sent to approvers.

  • Apply Changes Specify how rejected assignments are handled at the end of the campaign:

    • Do not revoke any rejected privileges – No assignments are removed.

    • Revoke all manually rejected privileges that are rejected or left uncertified – Removes both explicitly rejected and ignored assignments.

    • Revoke only rejected privileges that were manually assigned – Removes only assignments explicitly rejected by the approver.

    • Review the revocation of all manually assigned privileges that are rejected or left uncertified – Starts an approval workflow for all manual assignments not explicitly accepted. These assignments are removed if approval is required.

  • Status Must be set to:

    • Campaign is in preparation (PREPARING)

  • Start Date The date when the campaign should start. To start immediately, set this date in the past.

  • Approval Period The duration of the approval period. This determines the Due Date and should allow sufficient time for approvers to complete certifications.

  • Due Date Calculated as:

    • Start Date + Approval Period The administrator can adjust this during the campaign.

  • Status Expiration Date Optional. Specifies when certification LDAP entries should be physically deleted. If left blank, the workflow sets a default expiration date of:

    • Current Date + 30 days

  • User Base and User Filter Define the subjects of the certification.

    You can create a Certification Campaign for users with a specific risk level if the Risk Governance feature is enabled in the Domain Configuration tab.

    Add search parameter for the LDAP attribute: dxrRskLevel Values: 0 – Normal risk 1 – Low risk 2 – Medium risk ** 3 – High risk

    Example filter:
    (&(objectClass=dxrUser)(|(ou=Finances))(dxrRskLevel>=2))

    This query retrieves all users from the Finance organizational unit with medium risk level.

  • Privilege Filter Base and Privilege Filter Define the privileges to be certified:

    • Leave blank to certify all manual assignments of the subjects.

    • Specify values to restrict privileges to those matching the filter.

These fields are mandatory to start a certification campaign. ``