User Access Reviews are a type of Access Review in Clarity that is concerned with an Identity and its access in your Downstream Applications. Using the various types outlined below, Clarity can narrow the scope of your review so you can focus on the most important (or highest risk) aspects of your organization.
User Access Reviews will always produce an Access Review containing Identities and the access (Entitlements) they have in a Downstream Application. The various types of User Access Reviews (outlined below) let you narrow down that list to target what you want to review.
Standard User Access Reviews
|Custom Inclusion Criteria||This option lets you specify inclusively (rather than excluding) Entitlements, Identities, Supervisors, or Roles. An example of this would be to choose an entitlement and role, the resulting UAR would include all members of the Role with the selected entitlement.|
|Full User Access||This option creates an Access Review for ALL Identities and ALL of their Entitlements. Depending on the size of your organization (or the number and size of the applications connected to Clarity), this Review type can produce extremely large Access Reviews.|
|High Risk Entitlements||This option will create an Access Review for any High Risk flagged Entitlements in your Clarity tenant. This would be a review of all the High Risk labeled Entitlements in your organzation and the identities that have that entitlement. No other entitlements would be included.|
|High Risk Roles||This option will create an Access Review for all of the identities in a particular Role that has been labeled as High Risk. For each Identity in your High Risk roles, all of their Entitlements will be included in the resulting review.|
|Material Apps||This option lets you choose from your Downstream Applications, and review all of the active Identities with Entitlements in that application. The scope of this review is limited to the Entitlements from the chosen applications.|
|Orphaned User Accounts||This review type lets you investigate all of the Orphaned Accounts found by Clarity in your tenant.|
|Selected Entitlements||This option lets you create an Access Review of particular Entitlements you pick from your list of all of your entitlements. The generated review will be for all Identities, and Service Users which have the chosen Entitlements from the Downstream Application. No other Entitlements would be incldued in the review, only those selected.|
|Selected Identities||This option will create an Access Review for ALL of the access for the Identities you choose from the selection dropdown menu (this would include all Entitlements for each of those users).|
|Selected Supervisors||This option lets you choose from the list of Identities in Clarity which are the Supervisor for another Identity in Clarity (this information often comes from your HR platform or directory service). The Access Review that is generated will be of the subordinates for the Supervisor(s) you selected (you will NOT be reviewing the Supervisors themselves).|
|Selected Roles||This option lets you pick from your list of Roles defined in your Clarity tenant. The resulting Access Review would be for ALL of the Identities from the selected roles, and for each of those Identities ALL of their Entitlements.|
|Tagged Items||This option lets you choose from your list of custom tags in Clarity, and generate review items for anything with that tag. See below how different type of tags work with Access Reviews.|
|Unreconciled User Accounts||An unmatched active Service User (meaning a service user is not tied to an Identity) was found in a Downstream Application. This scenario generates an Alert in Clarity, where this can be resolved. This Access Review type lets you navigate through those alerts in a more detailed, auditable way.|
Tagged Access Reviews
|Applications||If you use a tag with an Application assigned to it, your review will contain all of the active identities in that application, and their complete list of entitlements from that application.|
|Entitlements||If you use a tag with just Entitlements assigned to it, your review will contain the list of all the Identities, and Service Users with the tagged Entitlement in your Downstream Applications.|
|Identities||If you use a tag with just Identities assigned to it, your review will contain the list of tagged identities, and their complete list of Entitlements from all Downstream Applications.|
|Roles||If you use a tag with just Roles assigned to it, your review will contain the complete Identity and Entitlement list for all members of that role.|
If your tag is applied to more than one type of Resource from the list above, then the review will include both data sets.
For more information on Tags please check this article: What are Tags?
For more information on Alerts please check this article: What are Alerts?
If you have any problems, contact your customer success team. You can also get in touch with our general support via email, open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.