How to Review Birthright Access

This guide walks you through how to review birthright access for one or more roles in your organization.

Reviewing birthright access is a crucial component of any Identity governance program. Running quarterly birthright access reviews helps identify access drift, clean up over-provisioned roles, and reduce the scope of User Access Reviews.

Create a Birthright Access Review

Set Up the Birthright Access Review

1. Navigate to the New Access Review page (Access Reviews > Create New or https://your_tenant.claritysecurity.io/review/create)

2. Click Create Role Access Review

3. Fill in the information in the left column:

   1. Review Name - Birthright Review - Demo

   2. Assign Items to - Role Owners

   3. Default Reviewer If No Supervisor/Owner Found - Clarity Admin -- admin@claritysecurity or yourself

   4. Frequency - Once

   5. Start Review On - Today's Date

   6. Business Days to Complete Review - 15

Scope the Review

1. In the Type drop-down select Specific Roles.

2. In the Role drop-down type and select Admin, or any other role that has birthright access which can be found in the Role side navigation.

3. Optional settings:

   1. Use Entitlement Friendly Name will display the friendly name of an entitlement, which is configured in the Entitlement Bulk Editor. If you do not have friendly names configured, the default name will be used.

   2. Delay Email Notifications allows you to control when reviewers are notified about their assigned items.

4. Exclusions are how to filter out data such as applications or entitlements from the scope of the review.

Generate the Review

1. Review that all of the following fields have a value set:

   1. Review Name - Birthright Review - Demo

   2. Assign Items Reviews to - Role Owners

   3. Default Reviewer If No Supervisor/Owner Found - Clarity Admin

   4. Frequency - Once

   5. Start Review On - Today’s Date

   6. Business Days to Complete Review - 15

   7. Type - Specific Roles

   8. Roles - Admin/Admin
      

2. Click Create Review

Clean up

After generating the review, look through the data, and explore the review and remediation capabilities.

Once finished, navigate to the access review home screen https://your_tenant.claritysecurity.io/review

1. Locate the review we just created --> Birthright Review - Demo

2. Click the ACTIONS drop-down.

3. Click Delete

If you click the button Archived Templates there will be a template with the name Role Review - Demo. You can use this template to generate future Birthright Access Reviews

Common Support Questions

1. Can I select multiple roles in a single Birthright Access Review?

   1. Yes! After you click on the first role, type in the name and select the applicable role.

2. Why did my review not appear in the In Progress reviews?

   1. Potential Cause: If the roles you selected do not have any birth right access, there will be no data to review.

      1. Confirmation Step click on the Ready to Finalize tab. If the review is there, follow the above Clean Up steps.

3. Why do I see duplicate roles in the Roles drop-down?

   1. Potential Cause: One or more users has a Role attribute that contains leading or trailing whitespace. If this happens, there will be 2 roles with nearly identical names.

      1. Confirmation Steps go to the Role side navigation and search for the role name. Copy the two similar names into a text editor and compare. If they are truly identical, reach out to support@claritysecurity.com

4. Why don't I see someone in the Default Reviewer-drop down?

   1. Potential Cause The desired default reviewer does not have the Clarity Entitlement Access Certification Admin. Grant them this entitlement and go back to step 1 - Set Up the Birthright Access Review.

Need help?