Review Intelligence Policies
Accelerate Access Reviews by rejecting or approving results with specific attributes or with prior decision data.
Overview
Review Intelligence Policies can reduce the time reviewers spend working on reviews by automatically making decisions on rows based on filter criteria or previous decision status. They define rules to compare the current review rows with the most recently completed or expired review for the same configuration, and act on rows that are the same in the new and previous certification.
For example, a policy can "Reject rows where identities have no recent activity" or "Approve previously approved and unchanged" access.
Two default rules are optionally available for all reviews, and can be added when creating a review:
“Approve previously approved and unchanged”
“Rejected previously rejected and unchanged”
Additionally, administrators can create custom policies and attach them to configurations with the Automations API.
An automation definition includes:
The criteria, such as “Row is unchanged from the previous review and was previously approved”
The action, such as “Approve & Sign-off”
Whether it is available for all or some configurations
Whether it runs by default
Add policies during review creation
Operators can apply available Review Intelligence Policies when creating a review. These rules can also run by default at the start of any review.
Create a configuration or search for an existing one on the Access Reviews page.
Start or schedule a review for the configuration and enable automation by clicking Use Review Intelligence Policies.
Enable the rules to run from the dropdown and save your changes.
Review intelligence action logs
Open the result actions dropdown and click View Action Log to see when a rule was executed for a single result.
Administrators and operators can review all automated decisions by opening a review and checking the status bar above the table. A chart indicates the total action count.
Assign policies to some or all configurations
The options when creating reviews will depend on the Review Intelligence Policies available to the review configuration.
Administrators can use Attach Automations and other API operations to manage these rules, and set whether they run by default or on an opt-in basis. An attachment operation assigns a single rule, or all rules, to a configuration.
Last updated