# Access review

**User access review** means configuring and executing periodic user access checks. These checks should be an integral part of a larger strategy to improve security and ensure that users have only the required level of access. They are also important for supporting regulatory requirements such as SOC 2 audits.

{% hint style="info" %}
Every run of a User Access Certification creates a new review campaign with a unique set of data. In the User Access Certification dashboard there may be several campaigns with different data for the same configuration.
{% endhint %}

{% hint style="warning" %}
To avoid the error "Access Rights were not selected against the roles or groups assigned to the users" when creating an access certification, make sure to select access rights when assigning a user to a role. Access certification works only when access rights are selected for the roles or groups being certified. This can be done in SelfService when creating a request.
{% endhint %}

{% hint style="info" %}
When creating a User Access Review (UAR) in the SelfService portal, there is a **Compare with** button. To hide it, override the `openiam.ui.webconsole.user.compare.with.buttonshow=` property in the `selfservice.ui.properties` file at `/openiam-selfservice/src/main/resources`.
{% endhint %}

***

## How to implement User Access Certification

| Step                            | Description                                                                                                                                                                    |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Collect evidence of access**  | Import data from applications using the connector and synchronization tools so that OpenIAM has the access data needed to conduct the certification.                           |
| **Configure the certification** | Define the scope of the review and the reviewer workflow. Choose the certification type that fits your needs (see below).                                                      |
| **Execute the certification**   | Start the campaign. Reviewers are notified and can begin the access review.                                                                                                    |
| **Monitor and manage**          | Use the [Campaign dashboard](/access-review/campaign-dashboard.md) to track review progress, manage campaign managers, and perform lifecycle actions (delete, expire, extend). |
| **Reporting for auditors**      | After completion, campaign managers download reports to attach to audit documentation. See [Certification reporting](/access-review/certification-reporting.md).               |

***

## Certification types

| Type                                                                                 | Description                                                                                                                               |
| ------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- |
| [User-based certification](/access-review/user-based-certification.md)               | Reviews all access that selected users have. Scope is defined by user population.                                                         |
| [Entitlement-based certification](/access-review/entitlement-based-certification.md) | Reviews a specific set of entitlements within one or more applications. Sometimes called micro-certifications.                            |
| [Risk event-driven certification](/access-review/risk-event-driven-certification.md) | Automatically triggered for users who experienced a risky event in their profile (title change, supervisor change, or department change). |

