Access Reviewer's Guide

A step-by-step guide to completing your first certification using Veza Access Workflows

You may have just received an email inviting you to participate in a certification campaign using your organization's Veza authorization platform. If you have been assigned as a reviewer, your expertise is needed to confirm that a user or data resource has the correct level of authorization (typically, the least privileges required for routine operation). Either:

  • A compliance officer or another individual responsible for certification campaigns at your company has assigned you as a default reviewer for a workflow, such as an audit of all employees you manage or databases you own.

  • Another reviewer has added you as an individual reviewer for a particular identity-to-resource relationship. This may be because Veza identified you as the owner of a data resource or the manager of an employee whose access is under review. It may also be that the original reviewer didn't have the context required to make an "approve" or "reject" decision and has requested your input.

Once you've connected to your organization's Veza portal using Single Sign-On, you can view the audits you are a reviewer for, and decide to approve the level of access, reject, request remediation, or assign another reviewer.

This guide provides some quick instructions to get started with:

What are Workflows?

Each Workflow uses a query against the Veza authorization catalog, such as "Show me all the users from the Finance department with access to databases containing privacy-compliant records." The certification view shows the results of that Workflow Query.

Since authorization reviews are typically conducted as recurring audits, a Workflow can have more than one certification. Each Certification is an access or entitlement review conducted against a snapshot of identity-to-data authorization within your organization on a particular date.

Accessing the Veza platform

You should log in to Veza using the Single Sign-On option and your workplace's identity provider, such as Okta or Azure AD. Depending on how your system has been configured, this could mean logging in to Veza via an App Portal, or you can access the Veza homepage directly from a link in a notification email.

First, click Sign in:

Then, select Continue with SAML SSO to log in using your Identity Provider:

Viewing and continuing certifications

Once you log in, you will see the Veza Workflows panel. Depending on how many workflows you've been assigned to, you may have one or more available to certify.

Simply select a certification from the list, and click Continue. If you have many certifications to work on, you can organize them by sorting on the original workflow or due date.

Note: If you are a Veza operator or admin, you may see a list of all workflows, instead of all certifications. In this case:

Choose a workflow and click Certifications to view the pending and past certifications:

If you've been assigned as a reviewer, a certification could already be in progress, or the certification may be waiting for you to start in an "Uncertified" state.

Select the certification you want to review, and click Continue:

Later, you can return to the Workflows overview to view the workflows and certifications you've made decisions on.

Reviewing certification results

Once you have started or continued certification for a workflow, you will be presented with the main Certification view. Each row (1) represents an identity-to-resource pair and the set of permissions the identity (typically a user) has on the resource.

Hover over a row for a text summary of the access under review. You can Reject or Approve each set of permissions using the row actions (2) or via a bulk decision using multi-selection (3).

You can also act across multiple results by filtering to show just the results you want to apply a decision or note to, and using a Smart Action.

To get additional details about the results and customize the display, you can show or hide columns (4):

Reassigning reviewers

You can assign another reviewer if you don't have the information or authority required to make a decision. If you don't know who to choose, specify the workflow creator. Otherwise, you can directly select another employee at your organization.

To add a new reviewer for a row, open the actions menu and choose Reassign Reviewers. Find or type in the email address of the new reviewer, and click Save. The new reviewer and any current reviewers will receive a notification.

Reviewer Notes and Fix Status

To keep track of notes and remediation tasks without relying on an external ticketing service, you can click "Add Note" to suggest a resolution or leave a comment on a rejected row, which will be visible to the Workflow owner and other reviewers.

Depending on how your organization utilizes Veza, marking a row as rejected may create a service desk ticket. In this case, the notification info and status will be available via optional Certification view columns.

Adding a new note will replace the previous value. An administrator can still retrieve a record of historical notes on a certification result.

Finishing a certification

Depending on the settings enabled by your Veza administrator, all rows may need a decision and sign-off before a certification can be completed.

You can leave a result row in a "draft" state and change the "Accept" or "Reject" status at any point. However, a decision is final once you have "Signed Off" on it. After sign-off, the only modifications allowed are from "rejected" to "fixed" and vice versa.

Once you have signed off on your assigned rows, you will be able to complete the certification. You can always close the certification window to resume later, as your progress is always saved.
