{"id":44076,"date":"2024-01-18T13:26:57","date_gmt":"2024-01-18T12:26:57","guid":{"rendered":"https:\/\/www.firstware.com\/?p=44076"},"modified":"2024-01-24T17:12:10","modified_gmt":"2024-01-24T16:12:10","slug":"recertification-of-authorizations","status":"publish","type":"post","link":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/","title":{"rendered":"When recertification of authorizations makes sense"},"content":{"rendered":"<p>Recertifications are intended to ensure that everyone only has access to what they need to do their work. It is therefore a matter of regularly checking and confirming employees&#8217; access rights.<\/p>\n<p>Anyone who deals with the topic of Identity &amp; Access Management will ask themselves why recertification of authorizations is necessary at all. With a well-engineered <a href=\"https:\/\/firstware.com\/\">IAM solution<\/a>, the processes are already so optimized and partially fully automated that no additional control instance is required. So, why is the topic of &#8220;recertification of authorizations&#8221; on everyone&#8217;s lips?<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Index<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Desire-for-100-security\" >Desire for 100% security<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Recertification-as-a-control-mechanism\" >Recertification as a control mechanism<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Recertification-of-authorizations-is-a-nuisance\" >Recertification of authorizations is a nuisance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Recertification-is-not-required-for-fully-automated-groups\" >Recertification is not required for fully automated groups<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Full-automation-through-attribute-based-rules\" >Full automation through attribute-based rules<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Time-control-and-temporary-authorizations\" >Time control and temporary authorizations<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Recertification-of-authorizations-makes-sense-here\" >Recertification of authorizations makes sense here<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Companies-want-recertification-of-authorizations\" >Companies want recertification of authorizations<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Companies-do-not-manage-group-memberships-fully-automatically\" >Companies do not manage group memberships fully automatically<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Human-error\" >Human error \u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#Limits-of-recertifications\" >Limits of recertifications<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n<h2><span class=\"ez-toc-section\" id=\"Desire-for-100-security\"><\/span>Desire for 100% security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>On the one hand, it shows that <strong>security is the number one topic for many companies<\/strong>. There is always the challenge of protecting sensitive data and applications in such a way that they cannot be misused. Companies, and IT managers in particular, are actively considering how best to keep access authorizations under control, prevent data theft and strengthen IT compliance in general.<\/p>\n<p>Of course, you have to admit that <strong>a 100% guarantee is not possible<\/strong>, because even automated processes have to be initiated and monitored by people. In a company, employees are so networked and technically equipped that it is impossible to completely control everything and everyone.<\/p>\n<p>On the other hand, it is clear that many company executives do not fully exploit the potential of IAM solutions or consider additional control instances to be necessary.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Recertification-as-a-control-mechanism\"><\/span>Recertification as a control mechanism<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>Recertification essentially means that the access rights of each employee must be regularly reviewed and reconfirmed.<\/strong> It describes a control mechanism that involves active monitoring and approval by a responsible person (&#8220;recertification officer&#8221;). This is intended to ensure that the internal compliance guidelines are adhered to.<\/p>\n<p>Trainees or interns are often used as an example to justify the need for recertification. During their training period, they move through several departments in order to get to know as many processes in the company as possible. This also gives them access to various drives and applications. The important question here is: Where is the trainee organizationally assigned?<\/p>\n<p>If they are assigned to department groups and not removed again after a change, they will retain the access authorizations of many groups for months\/years. This <strong>unnoticed over-authorization<\/strong> of an individual employee, be it a trainee or permanent employee, represents a security risk and a failure to comply with compliance regulations.<\/p>\n<p><strong>A recertification check provides an opportunity to regularly check group memberships and remove members.<\/strong><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Recertification-of-authorizations-is-a-nuisance\"><\/span>Recertification of authorizations is a nuisance<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>At first glance, it seems that recertification is a chore. It takes time and is an unloved task that people like to put off. In practice, however, it is not a particularly time-consuming task.<\/p>\n<p><strong>With recertification in the FirstWare IDM-Portal, a responsible person is finished with the homework in a short time.<\/strong> These are the steps of our solution:<\/p>\n<p>1. The Automation Service in IDM-Portal runs through all groups in Active Directory once a day and checks the date of the &#8220;Last Check&#8221;.<\/p>\n<p><img decoding=\"async\" class=\"imgshadow aligncenter wp-image-44072\" title=\"Recertification of authorizations_Last check\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg\" alt=\"Recertification of authorizations_Date of last check\" width=\"500\" height=\"272\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-1024x558.jpg 1024w, https:\/\/www.firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-768x418.jpg 768w, https:\/\/www.firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-1536x837.jpg 1536w, https:\/\/www.firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-2048x1116.jpg 2048w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>2. Depending on the definition, the service knows when the next &#8220;compliance check&#8221; is due for a group (weekly, monthly, annually &#8211; depending on the setting) and applies the rules.<\/p>\n<p>3. If the &#8220;Compliance Check&#8221; is imminent, the Automation Service sends an e-mail to the person responsible for recertification in the group (usually the group owner) stating: &#8220;Recertification required&#8221;.<\/p>\n<p>4. The owner accesses the IDM-Portal via a link and checks the members of the group. If he discovers members who are no longer up to date, he can remove them immediately.<\/p>\n<p><img decoding=\"async\" class=\"imgshadow aligncenter wp-image-44019\" title=\"Check group memberships\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2023\/12\/Gruppenmitglieder-pruefen-300x276.png\" alt=\"Check group memberships\" width=\"500\" height=\"460\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2023\/12\/Gruppenmitglieder-pruefen-300x276.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2023\/12\/Gruppenmitglieder-pruefen.png 621w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>5. At the end, he confirms the &#8220;Compliance Check&#8221; by ticking the box. The date is saved as the &#8220;Last Check&#8221;.<\/p>\n<p><img decoding=\"async\" class=\"imgshadow aligncenter wp-image-44028\" title=\"Compliance check\" src=\"https:\/\/firstware.com\/wp-content\/uploads\/2023\/12\/Compliance-check-300x41.png\" alt=\"Compliance check\" width=\"500\" height=\"68\" srcset=\"https:\/\/www.firstware.com\/wp-content\/uploads\/2023\/12\/Compliance-check-300x41.png 300w, https:\/\/www.firstware.com\/wp-content\/uploads\/2023\/12\/Compliance-check-1024x139.png 1024w, https:\/\/www.firstware.com\/wp-content\/uploads\/2023\/12\/Compliance-check-768x104.png 768w, https:\/\/www.firstware.com\/wp-content\/uploads\/2023\/12\/Compliance-check-1536x209.png 1536w, https:\/\/www.firstware.com\/wp-content\/uploads\/2023\/12\/Compliance-check-2048x278.png 2048w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>6. If the owner does not respond before the deadline expires, the Automation Service sends an e-mail to IT security.<\/p>\n<p>The IDM-Portal simplifies an inherently complex process and makes it user-friendly. Recertifications can be completed quickly and are not a burden.<\/p>\n<p><a href=\"https:\/\/firstware.com\/en\/contact\/\"><button class=\"ButtonBeratung2 aligncenter\">Contact us<\/button><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Recertification-is-not-required-for-fully-automated-groups\"><\/span>Recertification is not required for fully automated groups<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Full-automation-through-attribute-based-rules\"><\/span>Full automation through attribute-based rules<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>However, recertification is not necessary per se.<\/p>\n<p>If a company uses a solution with <a href=\"https:\/\/firstware.com\/en\/authorization\/automation\/\" target=\"_blank\" rel=\"noopener\">IAM automation<\/a>, such as the <a href=\"https:\/\/firstware.com\/en\/why-idm-portal\/\" target=\"_blank\" rel=\"noopener\">FirstWare IDM-Portal<\/a>, then managers do not have to deal with such &#8220;trainee issues&#8221;. The full automation that companies receive with the IDM-Portal makes recertifications obsolete.<\/p>\n<p>How does this work in practice?<\/p>\n<p>IAM full automation is based on an attribute and its value, e.g. attribute &#8220;department = marketing&#8221;. Most attributes are single value attributes, i.e. the &#8220;department&#8221; attribute can only have one value:<\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Marketing OR<\/li>\n<li>HR OR<\/li>\n<li>Logistics<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>The <strong>full automation in IDM-Portal is based on clear rules<\/strong>, e.g. there is a dynamic group for the marketing department. It contains the filter:<\/p>\n<p>A user is a member if the attribute &#8220;department = Marketing&#8221;.<\/p>\n<p>If this value is changed to &#8220;department = Logistics&#8221;, the membership in the old department expires and another one may apply.<\/p>\n<p><strong>There is therefore no over-authorization<\/strong>, as this is not possible due to the defined rules. An employee cannot be a member of two department groups at the same time.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Time-control-and-temporary-authorizations\"><\/span>Time control and temporary authorizations<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>With IDM-Portal, it is also possible to automatically revoke authorizations after a certain period of time. This &#8220;time control&#8221; replaces manual checking by a responsible person.&lt;\/p<\/p>\n<p>A temporary authorization is therefore assigned manually and withdrawn automatically. This can be implemented in parallel for several departments.<\/p>\n<p>In a further stage, so-called &#8220;scheduled functions&#8221; can be integrated into the IDM-Portal, i.e. there is a rule that is checked daily, for example. This can be varied.<\/p>\n<p>IAM solutions with automation functions, such as\u00a0<\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>attribute-based rules,<\/li>\n<li>time control and<\/li>\n<li>additional planned tasks<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>tighten the safety net so that further control mechanisms (such as recertification) are not necessary.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Recertification-of-authorizations-makes-sense-here\"><\/span>Recertification of authorizations makes sense here<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Companies-want-recertification-of-authorizations\"><\/span>Companies want recertification of authorizations<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In our discussions with numerous interested parties and customers, it is clear that top management wants to use recertification. It gives them the certainty that an auditing body will check the group members at least once a year and can thus uncover over-authorizations. Last but not least, auditors also demand these audit processes, as data theft is seen as a significant risk factor.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Companies-do-not-manage-group-memberships-fully-automatically\"><\/span>Companies do not manage group memberships fully automatically<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Even companies that use an Identity &amp; Access Management system want to use recertification. As IAM systems do not conform to any standard pattern and are configured differently, full automation is not always integrated.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Human-error\"><\/span>Human error \u00a0<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Automations, rules and time controls must also be created manually and checked again and again. Unfortunately, human error cannot be completely eliminated in any respect. In any case, it makes sense to subject certain groups to regular recertification.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Limits-of-recertifications\"><\/span>Limits of recertifications<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It is important to define a scope for the recertification of authorizations. A complete approach for all authorizations is generally not useful. If, for example, a department head has a large number of authorizations to confirm, it is easy for careless errors to occur &#8211; or the person responsible simply lacks the desire to check them. In extreme cases, this can lead to them not actually carrying out the check, but simply clicking &#8220;OK&#8221;. This would clarify liability, but over-authorization or worse would still be possible.<\/p>\n<p>A good mix of fully automated and time-limited authorizations together with some permanent authorizations that are recertified can be a good solution.<\/p>\n<p>&nbsp;<\/p>\n<p>Would you like to better control your access authorizations? Get to know our <a href=\"https:\/\/firstware.com\/en\/\">IAM solution<\/a> with automation, time control and recertification. We will be happy to advise you on which option will achieve the best result for you.<\/p>\n<p><a href=\"https:\/\/firstware.com\/en\/contact\/\"><button class=\"ButtonBeratung aligncenter\">Get in touch now<\/button><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recertifications are intended to ensure that everyone only has access to what they need to do their work. It is [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1835,1836,1839],"tags":[1954,1956],"class_list":["post-44076","post","type-post","status-publish","format-standard","hentry","category-authorization-management-en","category-compliance-en","category-identity-management-en","tag-access-rights-en","tag-recertification-of-authorizations-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Recertification of authorizations used wisely - FirstWare IDM-Portal<\/title>\n<meta name=\"description\" content=\"The recertification of authorizations is used to regularly check group memberships in AD and to detect over-authorizations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Recertification of authorizations used wisely - FirstWare IDM-Portal\" \/>\n<meta property=\"og:description\" content=\"The recertification of authorizations is used to regularly check group memberships in AD and to detect over-authorizations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/\" \/>\n<meta property=\"og:site_name\" content=\"FirstWare IDM-Portal\" \/>\n<meta property=\"og:image\" content=\"https:\/\/firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg\" \/>\n<meta name=\"author\" content=\"Sophia Tunui\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sophia Tunui\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/\"},\"author\":{\"name\":\"Sophia Tunui\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/person\\\/e7504910be78b9b066298168ab6e839e\"},\"headline\":\"When recertification of authorizations makes sense\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/\"},\"wordCount\":1251,\"publisher\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg\",\"keywords\":[\"access rights\",\"recertification of authorizations\"],\"articleSection\":[\"Authorization Management\",\"Compliance\",\"Identity Management\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/\",\"name\":\"Recertification of authorizations used wisely - FirstWare IDM-Portal\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg\",\"description\":\"The recertification of authorizations is used to regularly check group memberships in AD and to detect over-authorizations.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/#primaryimage\",\"url\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg\",\"contentUrl\":\"https:\\\/\\\/firstware.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/recertification-of-authorizations\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"When recertification of authorizations makes sense\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/\",\"name\":\"FirstWare IDM-Portal\",\"description\":\"Identity and Autorization Management in M365 and Active Directory\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#organization\",\"name\":\"FirstWare IDM-Portal\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.firstware.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/IDM-Portal.ico\",\"contentUrl\":\"https:\\\/\\\/www.firstware.com\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/IDM-Portal.ico\",\"width\":1,\"height\":1,\"caption\":\"FirstWare IDM-Portal\"},\"image\":{\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/#\\\/schema\\\/person\\\/e7504910be78b9b066298168ab6e839e\",\"name\":\"Sophia Tunui\",\"sameAs\":[\"http:\\\/\\\/firstattribute.com\"],\"url\":\"https:\\\/\\\/www.firstware.com\\\/en\\\/blog\\\/author\\\/sophia-tunui\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Recertification of authorizations used wisely - FirstWare IDM-Portal","description":"The recertification of authorizations is used to regularly check group memberships in AD and to detect over-authorizations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/","og_locale":"en_US","og_type":"article","og_title":"Recertification of authorizations used wisely - FirstWare IDM-Portal","og_description":"The recertification of authorizations is used to regularly check group memberships in AD and to detect over-authorizations.","og_url":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/","og_site_name":"FirstWare IDM-Portal","og_image":[{"url":"https:\/\/firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg","type":"","width":"","height":""}],"author":"Sophia Tunui","twitter_misc":{"Written by":"Sophia Tunui","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#article","isPartOf":{"@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/"},"author":{"name":"Sophia Tunui","@id":"https:\/\/www.firstware.com\/en\/#\/schema\/person\/e7504910be78b9b066298168ab6e839e"},"headline":"When recertification of authorizations makes sense","mainEntityOfPage":{"@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/"},"wordCount":1251,"publisher":{"@id":"https:\/\/www.firstware.com\/en\/#organization"},"image":{"@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#primaryimage"},"thumbnailUrl":"https:\/\/firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg","keywords":["access rights","recertification of authorizations"],"articleSection":["Authorization Management","Compliance","Identity Management"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/","url":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/","name":"Recertification of authorizations used wisely - FirstWare IDM-Portal","isPartOf":{"@id":"https:\/\/www.firstware.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#primaryimage"},"image":{"@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#primaryimage"},"thumbnailUrl":"https:\/\/firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg","description":"The recertification of authorizations is used to regularly check group memberships in AD and to detect over-authorizations.","breadcrumb":{"@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#primaryimage","url":"https:\/\/firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg","contentUrl":"https:\/\/firstware.com\/wp-content\/uploads\/2024\/01\/Rezertifizierung-von-Berechtigungen_Datum-des-Last-check-300x163.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.firstware.com\/en\/blog\/recertification-of-authorizations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.firstware.com\/en\/"},{"@type":"ListItem","position":2,"name":"When recertification of authorizations makes sense"}]},{"@type":"WebSite","@id":"https:\/\/www.firstware.com\/en\/#website","url":"https:\/\/www.firstware.com\/en\/","name":"FirstWare IDM-Portal","description":"Identity and Autorization Management in M365 and Active Directory","publisher":{"@id":"https:\/\/www.firstware.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.firstware.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.firstware.com\/en\/#organization","name":"FirstWare IDM-Portal","url":"https:\/\/www.firstware.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firstware.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.firstware.com\/wp-content\/uploads\/2019\/06\/IDM-Portal.ico","contentUrl":"https:\/\/www.firstware.com\/wp-content\/uploads\/2019\/06\/IDM-Portal.ico","width":1,"height":1,"caption":"FirstWare IDM-Portal"},"image":{"@id":"https:\/\/www.firstware.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.firstware.com\/en\/#\/schema\/person\/e7504910be78b9b066298168ab6e839e","name":"Sophia Tunui","sameAs":["http:\/\/firstattribute.com"],"url":"https:\/\/www.firstware.com\/en\/blog\/author\/sophia-tunui\/"}]}},"_links":{"self":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/posts\/44076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/comments?post=44076"}],"version-history":[{"count":0,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/posts\/44076\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/media?parent=44076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/categories?post=44076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.firstware.com\/en\/wp-json\/wp\/v2\/tags?post=44076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}