Access Certification (also called Access Review) is a periodic process where managers and data owners formally review and approve or revoke user access rights to ensure they remain appropriate.
⚙️ How Does It Work?
A campaign is launched by the IGA system, generating a list of users and their access. Reviewers log in, review each entitlement, and certify (approve) or revoke it. Results are automatically applied and stored for audit.
📍 Where Is It Used?
Used in regulated industries like finance, healthcare, and government to prove least-privilege compliance during audits (SOX, HIPAA, PCI-DSS).
💡 Real-World Example
A bank's quarterly SOX audit requires the IT team to certify that all employees with access to financial systems still need that access. The IGA platform automatically sends review tasks to 200 managers, who approve or revoke 4,000 entitlements within two weeks.
🔗 Related Terms
Stay Ahead in Identity Security
Get weekly IAM, PAM & IGA insights via Identity Pulse.
Subscribe to Identity Pulse →