Chat now with support
Chat mit Support

Starling CertAccess Hosted - Demo Trial Guide

Identities

You can use the following identities in the use cases described.

Celestine Eaton
  • User name: CELESTINEAT

  • Role: Starling CertAccess administrator

  • Tasks:

    • Monitor requests and attestation cases

    • Monitor data in the Data Explorer

    • Edit memberships in application roles

Tony Denison
  • User name: TONYDEN

  • Role: Manager

  • Tasks: Approve access requests (request for group memberships) for Tomas Grenier

Tomas Grenier
  • User name: TOMASGRE

  • Role: Default user

  • Tasks: Requests memberships in the following Active Directory groups

    • Accounts payable

    • Enterprise Contract Administrators

    • Expense Manager

    • Marketing Operations

    • Purchase Analysis

    • Sales Analyst

    • Supplier Qualification

Dorreen Palacek
  • User name: DORREENPAL

  • Role: Product owner of system entitlements

  • Tasks: Approves access requests for the following Active Directory groups

    • Accounts payable

    • Enterprise Contract Administrators

    • Expense Manager

    • Marketing Operations

    • Purchase Analysis

    • Sales Analyst

    • Supplier Qualification

Quentin Payton
  • User name: QUENTINPAY

  • Role: Attestation supervisor

  • Tasks: Carries out attestations

Related topics

Scenario 1: Request membership in an Active Directory group

A default user wants to request membership in the Purchase Analysis Active Directory group themselves. The request undergoes an approval procedure. The request is granted approval by the default user's manager and by the owner of the group (product owner). Once the request has been granted approval, the default user's Active Directory user account becomes a member of the requested group. The Starling CertAccess administrator can then verify whether the default user's user account has been assigned to the group.

Identities managed in Starling CertAccess can use requests to apply for access permissions in the connected Active Directory environment. All requests undergo an approval procedure in which approvers grant or deny the requests. In the request history, you can always trace who placed or approved which access requests.

TIP: If an action is not available yet, it means that a background process is running such as, finding the next approver. Wait for a while and reload the page.

To request the Purchase Analysis Active Directory group

  1. Log in on the Starling CertAccess Web Portal as TOMASGREClosed.

  2. Request the Purchase Analysis Active Directory group.

    This runs a peer group analysis.

    Tony Denison, Tomas Grenier's manager, is determined to be an approver.

  3. Sign out as TOMASGRE.

  4. Log in as TONYDENClosed.

    A pending requests needs to be approved.

  5. Approve the request.

    Dorreen Palacek, the group's owner, is determined to be an approver.

  6. Sign out as TONYDEN.

  7. Log in as DORREENPALClosed.

    A pending requests needs to be approved.

  8. Approve the request.

    This finalizes the request approval and adds the membership to the group.

  9. Sign out as DORREENPAL.

  10. Log in as CELESTINEATClosed.

  11. In the Data Explorer, check whether the user account has been assigned to the group.

Related topics

Scenario 2: Attesting a group membership with approval granted

An attestation supervisor would like to have a membership in the Purchase Analysis Active Directory group attested. Membership should be granted. The attestation case is assigned to the member's manager and the owner of the group and confirmed. The Starling CertAccess administrator can then verify whether the user account continues to be a member of the group.

Attestation functionality allows the correctness of various data to be certified. Attestations are run either regularly or they can be triggered explicitly by attestation supervisors. Once attestation starts, attestation cases are created that contain all the necessary information about the attestation objects and the attestor. The attestor checks the attestation objects. They verify the correctness of the data and initiate any changes that need to be made if the data conflicts with internal rules. Attestation cases record the entire attestation sequence. Each attestation step in the attestation case can be audit-proof reconstructed.

TIP: If an action is not available yet, it means that a background process is running such as, finding the next attestor. Wait for a while and reload the page.

Prerequisite

To attest a membership in an Active Directory group

  1. Log in on the Starling CertAccess Web Portal as QUENTINPAYClosed.

  2. Start the attestation.

    Tony Denison, Tomas Grenier's manager, is determined to be an attestor.

  3. Sign out as QUENTINPAY.

  4. Log in as TONYDENClosed.

    A pending attestation needs to be approved.

  5. Approve the attestation.

    Dorreen Palacek, the group's owner, is determined to be an attestor.

  6. Sign out as TONYDEN.

  7. Log in as DORREENPALClosed.

    A pending attestation needs to be approved.

  8. Approve the attestation.

    This finalizes the attestation case and confirms the group membership.

  9. Sign out as DORREENPAL.

  10. Log in as CELESTINEATClosed.

  11. In the Data Explorer, check that the user account is still assigned to the group.

Related topics

Scenario 3: Attesting a group membership with approval denied

An attestation supervisor would like to have a membership in the Sales Analyst Active Directory group attested. Membership should be denied. The attestation case is assigned to the member's manager and the owner of the group. An attestor denies the existing group membership and the user account's assignment is automatically removed from the group. The Starling CertAccess administrator can then verify whether the group membership has really been removed.

Attestation functionality allows the correctness of various data to be certified. Attestations are run either regularly or they can be triggered explicitly by attestation supervisors. Once attestation starts, attestation cases are created that contain all the necessary information about the attestation objects and the attestor. The attestor checks the attestation objects. They verify the correctness of the data and initiate any changes that need to be made if the data conflicts with internal rules. Attestation cases record the entire attestation sequence. Each attestation step in the attestation case can be audit-proof reconstructed.

TIP: If an action is not available yet, it means that a background process is running such as, finding the next attestor. Wait for a while and reload the page.

Prerequisite

To attest membership in an Active Directory and to deny that attestation

  1. Log in on the Starling CertAccess Web Portal as QUENTINPAYClosed.

  2. Start the attestation.

    Tony Denison, Tomas Grenier's manager, is determined to be an attestor.

  3. Sign out as QUENTINPAY.

  4. Log in as TONYDENClosed.

    A pending attestation needs to be approved.

  5. Approve the attestation.

    Dorreen Palacek, the group's owner, is determined to be an attestor.

  6. Sign out as TONYDEN.

  7. Log in as DORREENPALClosed.

    A pending attestation needs to be approved.

  8. Deny the attestation.

    This finalizes denial of the attestation case. The group membership is automatically removed.

  9. Sign out as DORREENPAL.

  10. Log in as CELESTINEATClosed.

  11. In the Data Explorer, check that the group membership has been removed.

Related topics
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen