Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

A recertification is a process that aims to periodically check a given entity and its relations for various factors such as accuracy, relevancy or up-to-dateness. Which entities are being recertified and in which periodicity depends on your business needs. This article describes which entities can be recertified and how this is usually done.

Certification Object Type

Core Identity

A Core Identity is probably the most central entity. The Core Identity holds relations such as employments, assigned roles and resources and data about itself. Common uses cases are to periodically check the communication data of a Core Identity or that all delegated permissions of the given Core Identity are still needed.

Organizational Units

An Organizational Unit is an entity that holds relations such as employments, assigned roles and resources and data about the organizational unit itself. Common use cases are to periodically check the data about the organizational unit is still accurate and that all delegated permissions of the given organizational units are still needed.

Certification Storage

The certification storage holds the certification and is entries. Each time a new certification is started for an entity, a certification will be created. This holds the time it was created, the identification properties of the entity and the state. Each time a certification is done successfully, there is also a certification entry with the date of the certification.

Info

It’s important that you have to add a certification record for all entities that you want to recertify. The first interval will be added to this date. So for example if you want to recertify each new user once a year, you have to add an appropriate record in the registration process (Core Identity Added Workflow).

Certification State

State

Id

Description

New

1

The certification was just created

InProgress

2

The process has started

Certified

3

The certification was successful

NotCertified

4

The certification was not successful

CertificationFailedTooLongInProgress

5

The certification failed because the timeout has elapsed

Recertification Task

A recertification task is the job that runs in the background and checks the last recertification date of an entity against the certification storage. So each time an entity has been recertified successfully, an appropriate certification entry will be stored in the certification storage. By defining a new recertification task, you can select all entities based on their the Certification Object Type and a time range. For example, check all Core Identities that have not performed a certification within the last 365 days.

Properties

When specifying a recertification task, you can set the following properties:

Property

Data Type

Mandatory

Example

Description

CertificationInterval

TimeSpan

(tick)

P365D

A yearly certification

CertificationObjectTypeId

Uint

(tick)

1

Choose one of the available:

  1. Organizational Unit

  2. Core Identity

TargetTypeIds

Uint

(tick)

1

You can further enclose your object type by its type. For example a Core Identity has a Core Identity Type, or an organizational unit has an organizational unit type.

WorkflowDefinitionId

GUID

(tick)

8fde167bd16f46328c360ac8b1187a0d

The workflow definition to be executed for each entity that needs a recertification.

Recertification Workflow

As seen in the properties list, the actual logic of the recertification is contained in a workflow definition. So you can define what should happen if an entity has to recertified.

Workflow Activities

CreateCertificationEntryActivity

Whenever a recertification has been completed, you should mark the appropriate certification entry as successful using the CreateCertificationEntryActivity activity.

SetCertificationStateActivity

Whenever a recertification has been completed or expired, you should set appropriate certification to either Certified or NotCertified by using the SetCertificationStateActivity activity

Signals

COS_I_AbortCertification

Whenever a recertification will be aborted, your workflow will be informed about this by the signal COS_I_AbortCertification. So please make sure you account for that in the workflow.

Certification Storage

The certification storage holds the certification and is entries. Each time a new certification is started for an entity, a certification will be created. This holds the time it was created, the identification properties of the entity and the state. Each time a certification is done successfully, there is also a certification entry with the date of the certification.

Info

It’s important that you have to add a certification record for all entities that you want to recertify. The first interval will be added to this date. So for example if you want to recertify each new user once a year, you have to add an appropriate record in the registration process (Core Identity Added Workflow).

Certification State

...

State

...

Id

...

Description

...

New

...

1

...

The certification was just created

...

InProgress

...

2

...

The process has started

...

Certified

...

3

...

The certification was successful

...

NotCertified

...

4

...

The certification was not successful

...

CertificationFailedTooLongInProgress

...

5

...