Oleria Access Reviews

This document provides a step-by-step walkthrough of how to manage access reviews using the Oleria platform. You will learn where to locate access reviews, configure settings, assign reviews, and manage notifications effectively to ensure a seamless review process within your organization.

Step 1

Begin by locating the access reviews in the Oleria platform. You'll find access reviews under the Governance section on the left.

Step 2

Navigate to the Settings tab to review and adjust your company's settings.

Step 3

You can configure three primary settings to run your access reviews. The peer groups setting allows you to define groups based on criteria such as department, job title, or managerial hierarchy. By default, Oleria selects department.

Step 4

In addition to department, you have the option to select job title, first-level manager, or second-level manager.

Step 5

The HR change setting is available for configuration.

Step 6

Oleria uses HR change information to build insights that aid reviewers in conducting more relevant access reviews. You can specify the number of days for tracking HR information. Oleria defaults this to 90 days.

Step 7

Notifications can be configured to include email alerts for access reviews. By default, Oleria sends an email when a review item is assigned and follows a preset reminder schedule.

Step 8

You have the flexibility to customize these notifications and even allow reviewers the option to opt-out.

Step 9

Additionally, you can decide whether to send emails upon the closure of a campaign.

Step 10

Escalation emails can be sent to a reviewer's manager if the review is not completed on time.

Step 11

When creating a new campaign in an access review, start by selecting the applications within your organization that need to be reviewed.

Step 12

Apply filters to narrow down to specific applications, if necessary.

Step 13

For example, you can select Salesforce or other relevant applications.

Step 14

To proceed, clear existing selections and focus on Salesforce.

Step 15

Excellent.

Step 16

On this page, choose which users will undergo an access review.

Step 17

These users are sourced directly from your connected HR platform, serving as the source of truth. Let's select all employees for this review.

Step 18

Click "Next" to assign reviewers for this campaign as desired.

Step 19

You can assign based on managerial hierarchy or specify a user for role or group reviews.

Step 20

In this example, we'll begin with a specific manager since Oleria integrates with your HR source of truth.

Step 21

Oleria automatically understands employee-manager relationships, enabling seamless creation and assignment of access reviews. Set the review to start tomorrow and continue for one month.

Step 22

Set it to run once.

Step 23

Alternatively, configure it to occur every 90 days for quarterly access reviews.

Step 24

We'll revert to running it once and configure remediations, which are customizable by the admin.

Step 25

Choose actions such as whether to remove access if the reviewer takes no action. In this scenario, we will not take action. Also, decide if access should be removed when a reviewer rejects access.

Step 26

In this case, access will be removed for the user.

Step 27

This is what the final access review setup appears as.

Step 28

Proceed to publish the review, naming it Quarterly Salesforce Review.

Step 29

Excellent.

Step 30

With that, the review campaign has been successfully created.

Step 31

Before proceeding with the campaign, let me show you where to configure your HR source information.

Step 32

Under Settings, locate Employee Information. This is where Oleria sources your employee data.

Step 33

Currently, Oleria is connected to a Workday instance, influencing the access graph and access reviews. Now return to the Governance section to Access Reviews, and review the scheduled campaigns.

Step 34

The Quarterly Salesforce Review is the campaign we just created.

Step 35

It has not yet been launched.

Step 36

It's scheduled to launch tomorrow as configured by the admin. In this instance, I will click on Launch to initiate the campaign immediately.

Step 37

Select Launch Now to begin the campaign immediately. When launched, it will appear in the Active tab.

Step 38

You can see that the Quarterly Salesforce Review is now active, with seven concurrent reviews.

Step 39

These are the seven reviews that need to be completed. There are views available by Reviewer and by Application.

Step 40

These reviews span three applications.

Step 41

As demonstrated, cross-IDP applications are supported. All Salesforce applications have been consolidated here—two are linked to TrustFusion, and one to Okta. Reviewing by reviewer reveals that manager Julie Boles has five pending tasks.

Step 42

Selecting her profile reveals the reviews she is required to complete.

Step 43

If there is a need to reassign reviews due to an absence, this functionality is available. Let's reassign a review from Enrique to another manager.

Step 44

Reassign to Julie.

Step 45

Excellent.

Step 46

The reassignment was successful.

Step 47

If you revisit the reviews, Enrique's review is no longer visible as it has been reassigned to Julie.

Step 48

Excellent.

Step 49

Let's explore the experience from the reviewer's perspective.

Step 50

This is Julie's view of the reviewer portal. The Quarterly Salesforce Review was assigned to her. By clicking on it, she can view the reviews she needs to complete. Initially, there were six reviews, which are now displayed for her action.

Step 51

The reviewer page provides a quick recommendation list. For Julie's direct reports, Oleria recommends keeping zero, reviewing two, and rejecting four. Filters can be applied to streamline the process. Let's examine the information source.

Step 52

Peer group information is displayed when a review is selected. It provides details on the user and the account under review.

Step 53

You also see the outcomes of past reviews, along with insights that suggest why Oleria recommends removing access. In this example, only 6% of the same peer group, defined as department, have access. Chris hasn't logged into Salesforce for the past 76 days, hence the recommendation to reject their access.

Step 54

There are no recent HR changes for these users. You can also view their role within the application. I'll reject the unnecessary access.

Step 55

Excellent. Four of Julie's reviews are now complete, leaving two. For Chris, there's no recent activity data, but only 6% of similar department users have access. However, Julie's prior approval on August 26 is noted.

Step 56

I will approve Chris's access this time. Excellent. The final individual is Lea. Her access was rejected on September 19 by Julie.

Step 57

Additionally, Lea's department changed from Property Management to Network and Telecom, and her manager is now Julie. Given that 12% of her peers have similar access, I choose to reject her access due to excessive permissions.

Step 58

Julie's access reviews are now complete; one was approved, five were rejected. Returning to the admin view shows that Julie has completed 100% of her reviews.

Step 59

All reviews are done, except for Mark Johnson's. I will close the campaign to examine the remediation process.

Step 60

End the campaign.

Step 61

The campaign has ended.

Step 62

Returning to the campaign, you can see the number of reviews completed, pending, approved, rejected, and the admin-defined configuration.

Step 63

The campaign's end and creation dates are also documented.

Step 64

Let's review all completed tasks.

Step 65

Here are all completed reviews. Julie's reviews are marked, while Mark Johnson did not complete his assigned review.

Step 66

Except for one incomplete review, all tasks were finished. Clicking on any review reveals why certain decisions were made and details any remediation actions.

Step 67

To view all ongoing remediations, visit the last tab.

Step 68

Here you see current remediations in progress. Await a few more minutes for the ongoing tasks to finish. In the All Reviews section, observe that Mary Johnson's review included two remediations.

Step 69

One was to remove Mary from a group, while the other was to remove the group from entitlement. One remediation was blocked, the other succeeded. Let's investigate further.

Step 70

Proceed to Remediations. A mix of blocked and successful actions is shown.

Step 71

Choose a blocked example, such as removing a group from an entitlement. It was blocked because other group members would lose access.

Step 72

Remediation processes examine each rejected review to determine how the person accessed the application and what can be safely revoked. In this case, the group's access to Salesforce cannot be removed without affecting other users.

Step 73

Now review successful actions.

Step 74

For Lea, direct access to Salesforce was removed successfully.

Step 75

Lea had direct Salesforce access, which was successfully revoked.

Step 76

Now explore a blocked case, such as Mary Johnson's, where her group removal was blocked to prevent loss of access to other applications.

Step 77

Additionally, create tickets for remediations as needed. Let's create one now. A ticket is automatically generated in your ticketing system.

Step 78

In this case, it's ServiceNow.

Step 79

Returning to the system, the ticket number is visible, providing a comprehensive record for tracking and compliance.

Step 80

Thank you for your attention.

Step 81

This concludes the demonstration.

Step 82

Thank you for following along.

Step 83

That's all for now.