CONNECT allows organization to set up audits by access group on a Annual, Semi-Annual, Quarterly, or Monthly basis. If an access group does not need to be audited then it can be excluded as well. Audits are used to ensure that the identities with access should have access. Unless it was previously transferred the ACRM or ACR that approved/assigned the access will be the one responsible for the audit.
The default audit frequency is set via the CONNECT -> Configuration -> Audits page. It defines the audit frequency that will be assigned to any new access group brought up from the access control system.
Set this value before Access Groups are initially brought up from the access control system to prevent having to update the access groups later.
You can exclude access groups from be auditable by unchecking the Is auditable option for the access group. This can be done either by individual access group or in bulk via the CONNECT > Configuration > Access Group page.
To configure per access group:
To configure in bulk:
Once all the access groups that should not be audited have been excluded it time to ensure the remaining have the correct audit period. To do this:
Finally, once all the access groups are configured to the desired audit frequency and access groups that do not need to be audited are excluded in time to enable the audit campaigns via the CONNECT -> Configuration -> Audits page.
To enable audit campaigns:
Finally the last part to configure is the notification. Notification are configured via the CONNECT -> Configuration -> Notifications -> Audit page. Notifications include:
Notifications are only configurable for campaigns that are currently enabled.
To configure notifications: