Create a new access review certification from a workflow
Create a new access review certification from an existing workflow.
Overview
Use dynamic_information to filter certification results to specific identities at creation time. This enables you to use a broad query at the workflow level, and then scope individual reviews to certain identities when creating the certification.
Identity IDs and types are sourced from the Veza Authorization Graph and must match existing graph node values from your integrated identity providers.
Endpoint
POST /api/preview/awf/certifications
Request Body
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| workflow_id | string | Yes | The ID of the workflow to create a certification from |
The dynamic_information parameter allows you to filter certification results to specific user identities at creation time.
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| identities | array | Yes | List of identity objects to filter by |
Identity Object
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Yes | The identity ID from Veza Graph (e.g., IdP user ID) |
| type | string | Yes | The identity type (e.g., "OktaUser", "AzureADUser") |
| previous_manager_id | string | No | Previous manager ID for mover scenarios |
Reviewer Assignment
The reviewer_assignment and reviewer_assignment_second_level objects configure how reviewers are assigned to certification rows.
| Field | Type | Description |
| --- | --- | --- |
| users_manager | boolean | Assign the user's manager as reviewer |
| resource_managers | boolean | Assign resource owners as reviewers |
| reviewers | array | List of specific users to always assign |
| fallback_reviewers | array | Users to assign when auto-assignment cannot determine a reviewer |
Response
Examples
Basic Certification
Create a certification using the latest data:
Dynamic Filtering (Joiner/Mover/Leaver)
Use dynamic_information to scope a certification to specific identities. For mover scenarios, include previous_manager_id:
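The following Python is an added example, not code from Veza's documentation or SDK. It validates a mover identity list on the client before preparing the POST, so a misspelled type or an empty list is caught before a certification is created with the wrong scope. The base URL, the Bearer-token header, the sample IDs, and the placement of dynamic_information at the top level of the request body are assumptions.

```python
import json
import urllib.request

# Identity types listed in this page's "Identity Types" table.
# Extend this allow-list if your tenant integrates other identity providers.
KNOWN_TYPES = {"OktaUser", "AzureADUser", "ActiveDirectoryUser", "GoogleWorkspaceUser"}


def build_body(workflow_id, identities):
    """Return the JSON-serializable request body, rejecting malformed identities."""
    if not workflow_id:
        raise ValueError("workflow_id is required")
    if not identities:
        # identities is a required field; an empty list scopes the review to nobody
        raise ValueError("dynamic_information.identities must not be empty")
    cleaned = []
    for ident in identities:
        extra = set(ident) - {"id", "type", "previous_manager_id"}
        if extra:
            raise ValueError(f"unexpected identity fields: {sorted(extra)}")
        if not ident.get("id") or not ident.get("type"):
            raise ValueError("each identity needs both id and type")
        if ident["type"] not in KNOWN_TYPES:
            # Graph node types are matched exactly, so "oktauser" is not "OktaUser"
            raise ValueError(f"unknown identity type: {ident['type']!r}")
        cleaned.append(dict(ident))
    return {"workflow_id": workflow_id, "dynamic_information": {"identities": cleaned}}


def build_request(base_url, token, body):
    """Prepare (but do not send) the POST to the endpoint documented above."""
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/preview/awf/certifications",
        data=json.dumps(body).encode(),
        method="POST",
        # Bearer authentication is an assumption; use your tenant's API key scheme.
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )


# Constructed sample values; real IDs come from the Veza Authorization Graph.
MOVER = [{"id": "00u-example-user", "type": "OktaUser",
          "previous_manager_id": "00u-example-old-manager"}]

if __name__ == "__main__":
    req = build_request("https://veza.example.com", "PLACEHOLDER_TOKEN",
                        build_body("example-workflow-id", MOVER))
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass the prepared request to urllib.request.urlopen to send it once the placeholders are replaced with real tenant values.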
Multi-Level Review
Create a certification with multi-level approval requirements:
Identity Types
Use the graph node type that corresponds to your integrated IdP:
| Integration | Identity Type |
| --- | --- |
| Okta | OktaUser |
| Azure AD | AzureADUser |
| Active Directory | ActiveDirectoryUser |
| Google Workspace | GoogleWorkspaceUser |
Identity IDs and types must match the values stored in the Veza Authorization Graph. You can find these values by querying the graph or viewing entity details in the Veza UI.