1-Step Access Reviews

Early Access: Please contact the Veza support team to enable this feature.

Overview

1-step access reviews enable administrators to quickly create, delegate, and initiate access reviews, without first creating a reusable review configuration.

The 1-step review wizard provides a streamlined builder for defining the scope of the review based on:

• Pre-defined scopes for common scenarios and applications such as Okta, AWS, and Salesforce.

• A saved query, either built-in or constructed using the query builder.

Creating a 1-step review

When 1-step reviews are enabled, administrators and operators can choose from two options when creating a review on the Access Reviews > Reviews page:

• 1-Step: Create a review using the quick builder by giving it a name, defining the scope, and configuring optional settings such as reviewers and due date.

• Use Configuration: Open the full review builder to create a configuration, which can be used for recurring certification campaigns using the same scope. See Access Reviews Query Builder for more information on the full query builder.

To create a review with the 1-step builder:

1. On the Access Reviews > Reviews page, click Create Review > 1-Step.

   
2. Enter the required details:

   • Review name: This will be used to identify the review in Veza and reviewer notifications. Names should be unique to simplify tracking and reporting.

   • Scope: Choose an option to define the entities and relationships to review:

     • Quick Builder:

       • Application: Choose a provider from Integrations added to Veza.

       • Review Type: The type of entities and relationships to review: e.g., "Okta user AWS IAM group memberships"

       • Narrow Scope: Choose specific data sources Veza has discovered.

     • Saved Query: Choose from any out-of-the-box or user-defined query created using the Query Builder or Separation of Duties page.

   • Due date: Specify the Date (UTC) and Timezone when the review must be completed.

   • Reviewers: See Assigning Reviewers for more on assigning reviewers and auto-assignments.

     • Assign Reviewers: Assign default reviewers for all rows in the review.

     • Auto-assign reviewers: Assign row-level reviewers based on Veza metadata like managers or resource owners.

     • Fallback reviewers: Used when an auto-assignment is prevented or can't be found.

   • Second-level Reviewers: Require multi-level approval, with the option to assign to first-level reviewer's managers.

   • Access Intelligence: Show risk scores and risk level for rows in the reviewer interface.

3. Click Create and Publish to make the results available to reviewers, or click Create to save a draft and preview the results.

Notes:

• New reviews created using the 1-step builder have the "1-Step" review type.

• A review configuration is created in the background, which can be used to re-initiate reviews with that scope and provide historical decision data.

• 1-step access reviews use Digest Notification Settings to notify reviewers of assignments and deadlines, with the option to configure more granular notifications, reminders, and orchestration actions after review creation.