Certification Process Steps
    • 01 May 2024


    Environment Level Review

    The certification review is initiated on the Environment level. To support the process, PlainID provides the Get Environment Applications API. This API returns the list of Applications managed within an Environment and their details, including:

    • Application ID
    • Application Name
    • Associated ClientID (Scope)
    • Authorization Workspace ID
    • Authorization Workspace Name

    Application Level Review

    After reviewing all Applications within an Environment, the certification review continues on the Application level. This review allows certification of all Policies that are connected to a given Application. Because the Platform's access decision is calculated and aggregated from all active Policies in the Application/Scope, Policies must be certified on the Application level and not as standalone Policies.

    To support the process, the Platform provides the Get Application Policies API to receive the list of Policies associated with this Application, including:

    • Policy ID
    • Policy Name
    • Access Type
    • Policy State

    The Policies are grouped based on Access Policies and Restrictive Policies.
    Policy IDs serve as unique identifiers for Policies, facilitating smooth integration with other APIs during the certification process.

    Policy Review

    As part of the certification process, a detailed review of each Policy is required. This review ensures that Policies are consistent across an organization or system. This standardization helps reduce the likelihood of errors, misconfigurations, and inconsistencies that could lead to security breaches.

    To support the process of Policy detailed review, the Platform provides the Export Policy API to receive the full Policy definition in structured Rego code. For more information, see Structured Rego.

    The Policy metadata includes:

    • Policy ID
    • Policy Name
    • Description
    • Access Type

    The Policy Building Blocks definitions and metadata include:

    • Dynamic Group definitions
    • Condition definition
    • Actions
    • Ruleset definitions

    Process Validation and Completion

    At this stage, those responsible for Certification need to validate the Policy and review its most recent modifications. To support the process of validating Policies, the Platform provides the Get Administration Audit Events API to retrieve administrative audit events within a specific Environment. Through this API, customers can view and monitor the audit trail of recent Policy modifications, as well as modifications to Building Block definitions.

    To utilize this functionality, configure the relevant filters for the API call, including:

    • Timeline: typically set to start at the last Certification date
    • Object ID: the Policy ID obtained from the Policy review level. Query param: filter[resourceId][like]

    After reviewing the latest modifications, it is possible to proceed with certifying the Policy.
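    To show the four steps above as a single automated pass, here is an added Python example (not PlainID's own code). The endpoint paths, JSON field names and the timestamp filter name are assumptions for illustration; only the filter[resourceId][like] query param comes from this page.

```python
def certification_report(env_id, last_cert_iso, fetch):
    """Walk Environment -> Applications -> Policies and flag every Policy that
    has audit events since last_cert_iso. fetch(path, params) returns the
    decoded JSON body; paths and field names below are assumed placeholders."""
    report = []
    # Environment level: list the Applications managed in the Environment
    for app in fetch(f"/environments/{env_id}/applications", {})["data"]:
        # Application level: Policies are certified per Application, not standalone
        for pol in fetch(f"/applications/{app['id']}/policies", {})["data"]:
            # Policy review: export the full definition as structured Rego
            rego = fetch(f"/policies/{pol['id']}/export", {})["rego"]
            # Validation: audit events for this Policy ID since the last certification.
            # filter[resourceId][like] is from the page; the timestamp filter is assumed.
            events = fetch(f"/environments/{env_id}/audit-events",
                           {"filter[resourceId][like]": pol["id"],
                            "filter[timestamp][gte]": last_cert_iso})["data"]
            report.append({"application": app["name"], "policy": pol["name"],
                           "accessType": pol["accessType"], "state": pol["state"],
                           "regoLines": rego.count("\n") + 1,
                           "modifications": len(events),
                           "needsReview": bool(events)})
    return report

# Constructed responses standing in for the live API (field names assumed)
SAMPLE = {
    "/environments/env-1/applications": {"data": [
        {"id": "app-1", "name": "Payroll", "clientId": "payroll-scope",
         "workspaceId": "ws-1", "workspaceName": "HR"}]},
    "/applications/app-1/policies": {"data": [
        {"id": "pol-1", "name": "Allow managers", "accessType": "ALLOW", "state": "ENABLED"},
        {"id": "pol-2", "name": "Deny contractors", "accessType": "DENY", "state": "ENABLED"}]},
    "/policies/pol-1/export": {"rego": 'package policy\nallow { input.role == "manager" }'},
    "/policies/pol-2/export": {"rego": 'package policy\ndeny { input.type == "contractor" }'},
}
AUDIT = [  # constructed administrative audit trail for the Environment
    {"resourceId": "pol-2", "timestamp": "2024-04-20T10:00:00+00:00", "action": "UPDATE"},
    {"resourceId": "pol-1", "timestamp": "2023-12-01T10:00:00+00:00", "action": "UPDATE"},
]

def sample_fetch(path, params):
    """Offline stand-in for the HTTP client; applies the audit filters itself."""
    if path.endswith("/audit-events"):
        rid, since = params["filter[resourceId][like]"], params["filter[timestamp][gte]"]
        return {"data": [e for e in AUDIT if rid in e["resourceId"] and e["timestamp"] >= since]}
    return SAMPLE[path]

if __name__ == "__main__":
    for row in certification_report("env-1", "2024-01-01T00:00:00+00:00", sample_fetch):
        print(row)
```

    Only Policies with modifications after the last certification date are marked needsReview; the rest can be certified directly.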

