mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 14:09:40 +03:00
111 lines
3.9 KiB
Markdown
111 lines
3.9 KiB
Markdown
# Access Recertification with Saviynt - Workflows
|
|
|
|
## Campaign Execution Workflow
|
|
|
|
```
|
|
WEEK 1: PREPARATION
|
|
├── Review and update certifier assignments
|
|
├── Verify identity data freshness (HR sync)
|
|
├── Validate entitlement data accuracy
|
|
├── Configure campaign template
|
|
└── Schedule campaign launch
|
|
|
|
WEEK 2: LAUNCH AND REVIEW
|
|
├── Launch campaign (auto-notifications sent)
|
|
├── Certifiers receive email with review link
|
|
├── Certifiers review each line item:
|
|
│ ├── Check user's current role
|
|
│ ├── Review risk score
|
|
│ ├── Check last access date
|
|
│ ├── Compare with peer group
|
|
│ └── Make certify/revoke decision
|
|
└── Day 7: First reminder sent
|
|
|
|
WEEK 3: FOLLOW-UP
|
|
├── Day 10: Second reminder sent
|
|
├── Day 13: Final reminder (escalation warning)
|
|
├── Security team contacts non-responsive certifiers
|
|
└── Campaign manager reviews progress dashboard
|
|
|
|
WEEK 4: CLOSE AND REMEDIATE
|
|
├── Day 14: Campaign due date
|
|
├── Day 15: Auto-revoke for non-certified items (if configured)
|
|
├── Revocation tasks created automatically
|
|
├── Remediation tickets sent to provisioning team
|
|
├── Access removed from target systems
|
|
└── Campaign report generated for compliance
|
|
```
|
|
|
|
## Certifier Decision Workflow
|
|
|
|
```
|
|
Certifier opens Saviynt certification inbox
|
|
│
|
|
├── For each user-entitlement pair:
|
|
│
|
|
│ ├── Review Context:
|
|
│ │ ├── User's name, title, department
|
|
│ │ ├── Entitlement name and application
|
|
│ │ ├── Risk score (1-10)
|
|
│ │ ├── Last access: 3 days ago / 180 days ago / Never
|
|
│ │ ├── Peer analysis: 85% of peers have this access
|
|
│ │ └── SoD violation: None / Conflict detected
|
|
│ │
|
|
│ ├── Decision Logic:
|
|
│ │ ├── Active user + Used recently + Peers have it → CERTIFY
|
|
│ │ ├── Active user + Not used in 90+ days → INVESTIGATE
|
|
│ │ ├── User changed department → LIKELY REVOKE
|
|
│ │ ├── SoD violation detected → REVOKE or ESCALATE
|
|
│ │ └── Cannot determine → DELEGATE to app owner
|
|
│ │
|
|
│ └── Record decision with justification
|
|
│
|
|
└── Submit all decisions
|
|
```
|
|
|
|
## Event-Based Certification Workflow
|
|
|
|
```
|
|
User attribute changes in HR system (e.g., department transfer)
|
|
│
|
|
├── Saviynt detects change via HR connector sync
|
|
│
|
|
├── User update rule triggers micro-certification:
|
|
│ ├── Scope: All entitlements for this user
|
|
│ ├── Certifier: New manager
|
|
│ └── Due date: 7 days
|
|
│
|
|
├── New manager reviews all access:
|
|
│ ├── Certify access relevant to new role
|
|
│ ├── Revoke access specific to old role
|
|
│ └── Request new access if needed
|
|
│
|
|
└── Remediation executes for revoked items
|
|
```
|
|
|
|
## Remediation Tracking Workflow
|
|
|
|
```
|
|
Campaign completes with revoked items
|
|
│
|
|
├── Saviynt creates provisioning tasks for each revocation
|
|
│
|
|
├── For each revoked entitlement:
|
|
│ ├── Create deprovisioning request
|
|
│ ├── Route to target system connector
|
|
│ ├── Execute removal (API/connector)
|
|
│ ├── Verify removal succeeded
|
|
│ └── Update audit log
|
|
│
|
|
├── If automated removal fails:
|
|
│ ├── Create manual remediation ticket (ServiceNow)
|
|
│ ├── Assign to application admin
|
|
│ ├── Track SLA compliance
|
|
│ └── Escalate if overdue
|
|
│
|
|
└── Post-remediation verification:
|
|
├── Re-scan target systems
|
|
├── Confirm revoked access no longer present
|
|
└── Archive compliance evidence
|
|
```
|