USER ACCESS REVIEW

A user access review for RACF Account's is generated as part of the Access

Recertification Program. These reviews are assigned to the Manager'sC whose direct

reports have access to RACF (AFC and/or BCD Regions) are in scope for this certification.

The Manager's will receive a review request email which includes an embedded link to

the Identity and Access Management (IAMS) application where a Direct Report's access

can be reviewed.

STEP 1: START AN ACCESS REVIEW

1. The manager will, Click the link the email to access IAMS (as shown here)

This document explains the steps that are needed to complete the Manager Certification for RACF Account access for BCD and AFC Regions. The Manager Certification also known as the ‘RACF Manager

Certification Campaign’ for AFC and BCD applications will require all the Manager to certify their Direct Reports who have a RACF AFC and/or BCD Account. The campaign will be launched monthly (in

the beginning of a month) for the set of people who's RACF Re-certification date is set to expire in a month, for example: a certification will be launched in June for a user who has the Certification End Date as

07/10/2018.

John Doe

As per the MTA Security Team's continual efforts to protect MTA data and comply with policy and regulatory requirements, it is mandatory that you perform a periodic review of your direct reports access to RACF BCD System. A new access recertification request is waiting for your completion in MTA IAMS. Click on the link to access the certification

RACF BCD Manager Access Review for John Doe

As their manager, you must certify that:

1. The users have a legitimate business need to access the RACF System. 2. The access levels are appropriate based on their current job function. To Complete the Certification 1. Login to IAMS from the link above. If the above links do not work, copy and paste the following link into your browser: https://myaccess-iiq.nymta.info/identityiq/certification/certification.jsf#/certification/8ab2ceec6302acda01636a5040cc2906 2. Click on the Access review on the dashboard, Select Approve or Revoke for each of your direct reports. You can also do a Bulk Action at once. 3. Once done, Click Save Changes to save the work 4. Click on ‘Finish’ in the pop-up window to Sign Off. If you have any questions please consult the http://web.mta.info/IAMS/IAMS_WorkflowSystem.htm, review the RACF Certification Section under IAMS Workflow System Training Materials.

Thank You, IAMS Workflow System

1

STEP 2: Access Review Page

1. By clicking the link in the email. A Manager will be presented with the IAMS

Login Page. Once logged in with the BSC ID and Password. The Manager will

be redirected to the access review page as shown.

2. Decision column contains the Approve/Revoke Options

3. Due Date indicates the number of days that are remaining for the campaign

to complete.

1

.

S

e

l

e

c

t

A

p

p

r

o

v

e

o

r

R

e

v

o

k

e

2

.

C

l

i

c

k

o

n

S

a

v

e

D

e

c

i

s

i

o

n

s

t

o

s

a

v

e

t

h

e

w

o

r

k

1

STEP 3: REVIEW ACCESS AND SIGNOFF

Manager can review the accounts for his/her direct reports and either approve or

revoke each access. The incomplete review can be saved for a later action, but

the review is expected to be completed and signed off in the timeframe specified

in the email.

1. Select Approve or Revoke

2. Click on Save Decisions to save the work

3. Sign Off Decisions

4. Finish Pop-up

2

.

S

e

l

e

c

t

A

p

p

r

o

v

e

o

r

R

e

v

o

1

.

S

e

l

e

c

t

A

p

p

r

o

v

e

o

r

R

e

v

o

k

e

2

.

C

l

i

c

k

o

n

S

a

v

e

D

e

c

i

s

2

.

S

e

l

e

c

t

A

p

p

r

o

v

e

o

r

R

e

v

o

k

e

2

.

C

l

i

c

k

o

n

S

a

v

e

D

e

c

i

s

i

o

n

s

t

o

s

a

v

e

t

h

e

w

o

r

k

1

2

See

Next

Page

3

.

S

e

l

e

c

t

A

p

p

r

o

v

e

o

r

R

e

v

o

k

e

2

.

C

l

i

c

k

o

n

S

a

v

e

D

e

c

i

s

i

o

n

s

t

o

s

4

.

S

e

l

e

c

t

A

p

p

r

o

v

e

o

r

R

e

v

o

k

e

2

.

C

l

i

c

BULK ACTION (An Alternative Way of Approval)

You may use the bulk action function to approve or revoke all the items. Should you

have to perform access review on many direct reports at once.

1. Click the box next to First Name and either do a Select Page or Select

Everything (if you have pages worth of direct reports to review).

2. Under Bulk Decisions choose Approve or Revoke. This action applies to all the

Direct Reports.

3. Click Save Decisions

4. Sign-off Decisions followed by Finish Pop-up windows to Sign Off.

1

2

See

Next

Page

3 4

5