Introduction
A recertification is a process that periodically checks a given entity and its relations for factors such as accuracy, relevance or currency. Which entities are recertified, and how often, depends on your business needs. This article describes which entities can be recertified and how this is usually done.
Certification Object Type
Core Identity
A Core Identity is probably the most central entity. It holds relations such as employments, assigned roles and resources, as well as data about itself. Common use cases are to periodically check the communication data of a Core Identity, or to check that all delegated permissions of the given Core Identity are still needed.
Organizational Units
An Organizational Unit is an entity that holds relations such as employments, assigned roles and resources, as well as data about the organizational unit itself. Common use cases are to periodically check that the data about the organizational unit is still accurate, and that all delegated permissions of the given organizational unit are still needed.
Certification Storage
The certification storage holds the certifications and their entries. Each time a new certification is started for an entity, a certification is created. It holds the time it was created, the identification properties of the entity and the state. Each time a certification is completed successfully, a certification entry with the date of the certification is also stored.
You must add a certification record for every entity that you want to recertify. The first interval is added to the date of this record. For example, if you want to recertify each new user once a year, you have to add an appropriate record in the registration process (Core Identity Added Workflow).
Certification State
| State | Id | Description |
|---|---|---|
| | 1 | The certification was just created |
| | 2 | The process has started |
| | 3 | The certification was successful |
| | 4 | The certification was not successful |
| | 5 | The certification failed because the timeout has elapsed |
Recertification Task
A recertification task is the job that runs in the background and checks the last recertification date of an entity against the certification storage. Each time an entity has been recertified successfully, an appropriate certification entry is stored in the certification storage. When defining a new recertification task, you select entities based on their Certification Object Type and a time range. For example: check all Core Identities that have not performed a certification within the last 365 days.
Properties
When specifying a recertification task, you can set the following properties:
| Property | Data Type | Mandatory | Example | Description |
|---|---|---|---|---|
| | TimeSpan | | P365D | A yearly certification |
| | Uint | | 1 | Choose one of the available: |
| | Uint | | 1 | You can further narrow down your object type by its type. For example, a Core Identity has a Core Identity Type, and an organizational unit has an organizational unit type. |
| | GUID | | 8fde167bd16f46328c360ac8b1187a0d | The workflow definition to be executed for each entity that needs a recertification. |
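The selection a recertification task performs can be illustrated as follows. This is an added example, not the product's own code: it takes the most recent certification entry per entity, adds the interval and compares the result with the current time. The data model, the function names and the separate list of entities that have no certification record at all are assumptions, and only the day form of the interval (as in P365D) is parsed.

```python
import re
from datetime import datetime, timedelta, timezone

def parse_interval(value):
    """Parse the day-only ISO 8601 duration form shown in the example (P365D)."""
    m = re.fullmatch(r"P(\d+)D", value)
    if not m:
        raise ValueError(f"unsupported interval: {value!r}")
    return timedelta(days=int(m.group(1)))

def select_due(entities, entries, interval, object_type, now, subtype=None):
    """Return (due, untracked) entity ids for one recertification task."""
    delta = parse_interval(interval)
    last = {}  # entity id -> date of the most recent certification entry
    for entry in entries:
        prev = last.get(entry["entity_id"])
        if prev is None or entry["date"] > prev:
            last[entry["entity_id"]] = entry["date"]
    due, untracked = [], []
    for e in entities:
        if e["object_type"] != object_type:
            continue
        if subtype is not None and e["subtype"] != subtype:
            continue
        if e["id"] not in last:
            untracked.append(e["id"])  # no record: nothing to add the interval to
        elif last[e["id"]] + delta <= now:
            due.append(e["id"])
    return due, untracked

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data; ids, type numbers and dates are invented.
ENTITIES = [
    {"id": "alice", "object_type": 1, "subtype": 1},
    {"id": "bob", "object_type": 1, "subtype": 1},
    {"id": "carol", "object_type": 1, "subtype": 2},
    {"id": "ou-sales", "object_type": 2, "subtype": 1},
]
ENTRIES = [
    {"entity_id": "alice", "date": utc(2023, 1, 15)},
    {"entity_id": "bob", "date": utc(2022, 5, 1)},
    {"entity_id": "bob", "date": utc(2024, 2, 1)},
    {"entity_id": "ou-sales", "date": utc(2020, 1, 1)},
]

if __name__ == "__main__":
    due, untracked = select_due(ENTITIES, ENTRIES, "P365D", 1, utc(2024, 6, 1))
    print("due:", due, "no certification record:", untracked)
```

Reviewing the second list regularly shows which entities were never given an initial certification record and therefore have no date the interval can be counted from.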
Recertification Workflow
As seen in the properties list, the actual logic of the recertification is contained in a workflow definition, so you can define what should happen when an entity has to be recertified.
Workflow Activities
CreateCertificationEntryActivity
Whenever a recertification has been completed, you should mark the appropriate certification entry as successful using the CreateCertificationEntryActivity activity.
SetCertificationStateActivity
Whenever a recertification has been completed or has expired, you should set the appropriate certification to either Certified or NotCertified by using the SetCertificationStateActivity activity.
Signals
COS_I_AbortCertification
Whenever a recertification is aborted, your workflow is informed about this by the signal COS_I_AbortCertification. Make sure you account for that in the workflow.