How the Primary Certifier and Secondary Certifier works for Recertification!

New Contributor III
New Contributor III

Hi Team, 
We would like to know about Primary and Secondary certifier setup for recertification process,  How it works with respect to User Access Review.



Saviynt Employee
Saviynt Employee

For identity objects such as entitlements, roles, service accounts, and endpoints, you can add a primary and a secondary certifier as owners.

A primary certifier can take actions on the certification and lock the campaign containing the certification. The primary certifier can also delegate owned line-items to another user, in which case that user becomes the delegated reviewer for that line-item. However, the primary certifier still retains responsibility for that line-item.

A secondary certifier can take actions on the certification but they cannot lock the campaign. Only the primary certifier can lock the campaign. The secondary certifier can perform actions on certifications, but those actions can be reviewed and overwritten by the primary certifier. The actions taken by the primary certifier are considered final.

For more details please refer this link: