Editing Access Review App Settings

Last updated: October 7, 2024

Background

You've added apps to your access review (see 📄 Choosing Access Review Apps). Now you need to make sure that the app settings are just right. Use this guide to review the various app settings so that you're configuring things the way you want.

Once you're done, assign the reviewers! See 📄 Assigning Reviewers and Launching Your Access Review.

If you want to edit the access review as a whole, not just a specific app, click here: 📄 Editing Access Review App Settings

App Review Admin

If you need to edit the App Review Admin for an app, follow the steps below.

1. Click "Edit Apps".

2. Click the initial in the "Reviewer" column and change the employee.

3. Click "Save Changes".

Review By

You have two options here, Accounts or Permissions. You can find in-depth guidance on which one to choose here: 📄 Choosing Account or Permission Access Reviews

Default Removal Method

For each app in your review, you can set a default removal method.

This will determine the type of automated removal that runs on your rejected accounts, if any. Descriptions of the options are below.

  • Suspend: Suspends rejected accounts. Only available for supported integrations.

  • Deprovision: The action taken here is dependent on the integration. Only available for supported integrations.

  • Webhook: You can run a webhook for each rejected account, which can automatically remove access. See 📄 Extending Lumos With Webhooks.

  • Manual: This presumes that someone will manually remove rejected access outside of Lumos and upload evidence of removal into Lumos after completion.

Depending on the source(s) of your app, you may not see all the options. At a minimum, you'll always see Manual and Webhook.

Evidence Requirements

Depending on how you run access reviews at your company, you may want to require evidence to be uploaded even after Lumos has automatically removed the access (via Suspend, Deprovision, or Webhook options). If this is the case, choose Require for All Removals.

If you choose Default Removal, it's assumed that Lumos removing access post-review and including this evidence in the audit report is sufficient for your auditors.