Attestation

Attestation (also called access recertification) is the formal process of reviewing and validating that user access privileges are still appropriate — requiring managers or data owners to confirm or revoke entitlements on a periodic basis.

⚙️ How Does It Work?

The IGA platform generates attestation campaigns listing users and their entitlements. Reviewers certify (approve) or revoke each entitlement. Uncertified access is automatically removed. Results are stored as audit evidence.
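The campaign lifecycle described above, as an added example that is not taken from any IGA product: it generates review items, records reviewer decisions, removes anything left uncertified at close-out, and builds an evidence record. The entitlement names, reviewer IDs, function names and the SHA-256 digest over the record are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

# Constructed sample data: (user, entitlement, assigned reviewer).
SAMPLE_ENTITLEMENTS = [
    ("alice", "SAP:FI_POSTING", "mgr_kim"),
    ("alice", "SAP:VENDOR_MASTER", "mgr_kim"),
    ("bob", "SAP:FI_POSTING", "mgr_kim"),
    ("carol", "SAP:HR_PAYROLL", "mgr_lee"),
]

@dataclass
class ReviewItem:
    user: str
    entitlement: str
    reviewer: str
    decision: str = "pending"  # pending | certify | revoke

def generate_campaign(entitlements):
    """One review item per user/entitlement pair."""
    return [ReviewItem(*row) for row in entitlements]

def record_decision(items, reviewer, user, entitlement, decision):
    """Store a decision; only the reviewer assigned to the item may decide."""
    if decision not in ("certify", "revoke"):
        raise ValueError(f"unknown decision: {decision}")
    for item in items:
        if (item.user, item.entitlement) == (user, entitlement):
            if item.reviewer != reviewer:
                raise PermissionError(f"{reviewer} is not assigned to this item")
            item.decision = decision
            return item
    raise KeyError((user, entitlement))

def close_campaign(items):
    """Keep certified access, remove everything else, build the evidence record."""
    kept = [(i.user, i.entitlement) for i in items if i.decision == "certify"]
    removed = [(i.user, i.entitlement,
                "revoked" if i.decision == "revoke" else "uncertified")
               for i in items if i.decision != "certify"]
    reviewed = sum(i.decision != "pending" for i in items)
    evidence = {"total": len(items), "reviewed": reviewed,
                "completion_pct": round(100 * reviewed / len(items), 1) if items else 0.0,
                "decisions": [asdict(i) for i in items]}
    # A digest of the canonical JSON, if stored apart from the record,
    # lets later edits to the evidence be detected.
    canonical = json.dumps(evidence, sort_keys=True).encode()
    evidence["sha256"] = hashlib.sha256(canonical).hexdigest()
    return kept, removed, evidence
```

An item left pending at close-out is removed with the reason `uncertified`, and it lowers `completion_pct`, so the evidence distinguishes access a reviewer explicitly revoked from access that lapsed because nobody reviewed it.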

📍 Where Is It Used?

Regulated industries (finance, healthcare, government) where periodic access reviews are required by SOX, HIPAA, PCI-DSS, or ISO 27001.

💡 Real-World Example

A bank runs quarterly attestation campaigns via SailPoint. Each manager certifies their team's SAP access. 12% of entitlements are revoked because employees have changed roles. The audit report shows 100% completion: SOX control passed.
