Certifications
What Certifications Are
What it is: Certifications are structured access review campaigns. They ask a designated reviewer to confirm that identity data, schema definitions, or scheduled reports are accurate and approved. Each certification is assigned to a reviewer, tracked through a lifecycle, and closed when complete.
Why it matters: Unreviewed access is a compliance and security risk. Certifications give your team a repeatable, auditable process for confirming the integrity of collected identity data, schema mappings, and automated reports. Hydden Control's access review campaigns also create certifications here in Discovery.
Certification Types
| Type | Display Name | Purpose |
|---|---|---|
| attestation.certification.collector | Identity Integrity | Verify that account and identity data collected by a connector is accurate and current |
| attestation.certification.schema | Schema Integrity | Confirm that schema definitions used in identity data collection are valid and up to date |
| attestation.certification.report | Report Integrity | Certify that a scheduled saved-search report has been reviewed and approved |
Certification Lifecycle
A certification moves through the following statuses:
| Status | Description |
|---|---|
| Pending | Awaiting assignment or reviewer action |
| In Progress | Reviewer has started work on the certification |
| Completed | Reviewer confirmed the data and closed the certification |
| Abandoned | Certification closed without approval |
Automatic transitions:
- When you assign a reviewer, status resets to Pending.
- When the assigned reviewer takes any action while the certification is Pending, status moves to In Progress automatically.
- Reassigning a certification resets status to Pending.
Closing rules:
- Only the assigned reviewer can mark a certification Completed.
- Any user with access can mark it Abandoned.
- A comment is required before completing or abandoning.
- Closed certifications cannot be edited.
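The transitions and closing rules above, modelled as a small state machine. This is an added example, not Hydden's code; the class, method, and user names are hypothetical.

```python
# Illustrative model of the lifecycle rules; all names here are hypothetical.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

OPEN = {"Pending", "In Progress"}
CLOSED = {"Completed", "Abandoned"}

class LifecycleError(Exception):
    """An action that the lifecycle or closing rules do not allow."""

@dataclass
class Certification:
    reviewer: Optional[str] = None
    status: str = "Pending"
    history: List[Tuple[str, str, str]] = field(default_factory=list)

    def _require_open(self) -> None:
        if self.status not in OPEN:
            raise LifecycleError("closed certifications cannot be edited")

    def assign(self, actor: str, reviewer: str) -> None:
        # Assigning or reassigning always resets status to Pending.
        self._require_open()
        self.reviewer, self.status = reviewer, "Pending"
        self.history.append((actor, "assign", reviewer))

    def act(self, actor: str, action: str) -> None:
        # Only the assigned reviewer's action moves Pending to In Progress.
        self._require_open()
        if actor == self.reviewer and self.status == "Pending":
            self.status = "In Progress"
        self.history.append((actor, action, ""))

    def close(self, actor: str, outcome: str, comment: str) -> None:
        self._require_open()
        if outcome not in CLOSED:
            raise LifecycleError("outcome must be Completed or Abandoned")
        if not comment.strip():
            raise LifecycleError("a comment is required before closing")
        if outcome == "Completed" and actor != self.reviewer:
            raise LifecycleError("only the assigned reviewer can complete")
        self.status = outcome
        self.history.append((actor, outcome, comment))

def denied(call, *args) -> bool:
    """Return True when the model rejects the call, False when it succeeds."""
    try:
        call(*args)
    except LifecycleError:
        return True
    return False
```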
How to Review a Certification
Purpose: Complete a certification assigned to you.
Before you begin:
- You must be the assigned reviewer for the certification.
- Have a comment prepared that explains your review decision.
Steps
Open the Certifications page. Navigate to Certifications in the left menu. Active certifications assigned to you appear in the list.
Click a certification to open the Review dialog. The Details tab shows status, priority, assigned reviewer, due date, and activity history.
Review the data. (Identity Integrity and Schema Integrity types only) Click the Review Data tab. Use the Source and Entity Type dropdowns to select the dataset you want to inspect. The grid shows all collected records for that source and entity type.
Export the data if needed. Click Export CSV to download the current view as a CSV file. The filename uses the format Certification_{connector_name}_{entity_type}.csv. The export reflects any active column sorting and filtering.
Compare two sources. (Identity Integrity type only) Click the compare icon to enter Compare mode. Select Source A and Source B to view a side-by-side CSV diff. This highlights differences between two connectors collecting the same entity type.
Add a comment. Return to the Details tab. Type your review notes in the Add Comment field. A comment is required before closing.
Close the certification.
- Click Complete to mark the certification as approved and close it.
- Click Abandon to close without approval.
- Click Finish Later to close the dialog without changing status.
Result: The certification is closed and tombstoned. Data views, exports, and comments are all logged in the Activity History.
Priority and Due Dates
Set priority and due dates from the Details tab of any open certification.
| Field | Options | Notes |
|---|---|---|
| Priority | Low, Medium, High, Critical | Saved immediately on change |
| Due Date | Any date | Saved on focus loss |
| Assigned To | Any user | Reassignment resets status to Pending |
Scheduled Certifications
Identity Integrity certifications can run on a cron schedule. This removes the need to create certifications manually.
How it works:
- Attestation settings link a certification type to a cron schedule for a specific collector.
- When the schedule fires, a new Identity Integrity certification is created for that collector.
- Certifications for tombstoned or unreachable collectors are automatically skipped.
- The scheduler seeds the next-run time from the most recently completed certification, preventing duplicate runs on restart.
Schedule fields (set through the attestation settings API):
| Field | Description |
|---|---|
| schedule | ID of a configured cron schedule |
| context_id | Collector identifier |
| type | Certification type key |
See the Attestation & Certifications API for schedule endpoint details.
Workflow Triggers
Use the Certification Status trigger in Automation to fire workflows when certification status changes.
Example use cases:
- Send an email when a certification is assigned to a reviewer.
- Create a ServiceNow ticket when a certification moves to In Progress.
- Notify a manager when a certification is completed or abandoned.
See Triggers for available variables and configuration steps.
Viewing Closed Certifications
By default, the Certifications list shows only open (active) certifications. To view closed certifications, use the tombstoned query parameter in the list API:
GET /internal/v1/attest/certification?tombstoned=true
Closed certifications include closed_at and opened_at timestamps. The duration is visible in the Timeline section of the Details tab.
