Notifications
Clear all
Topic starter
24/06/2026 6:54 pm
TL;DR: Access review bottlenecks are reduced by certification campaigns that add multiple reviewers, clearer workflows, improved decision tracking, and expanded language support, according to Netwrix. The governance value lies in shortening review friction without weakening accountability, which matters for IAM teams running human and non-human lifecycle controls.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should IAM teams reduce bottlenecks in access review campaigns?
A: IAM teams should distribute certification workload across multiple reviewers when campaigns regularly stall, but they must keep final ownership and escalation rules explicit.
Q: What makes an access review process defensible in an audit?
A: A defensible access review process produces clear evidence of who reviewed each item, what decision was made, and what remediation followed.
Practitioner guidance
- Separate reviewer load from reviewer ownership Assign multiple reviewers where campaign volume regularly exceeds what a single approver can realistically complete, but preserve a clear owner for final accountability.
- Track decision evidence inside the campaign record Require each access review item to retain reviewer identity, decision state, and remediation outcome so audit evidence is assembled as the workflow runs.
- Test certification usability with business approvers Run access review pilot campaigns with the actual reviewer population, especially in distributed teams, and check whether action indicators and status labels are understood without IAM team intervention.
What to expect at the briefing
Netwrix's full webinar covers the operational detail this post intentionally leaves for the source:
- A walkthrough of the updated certification workflow and where the new reviewer assignment pattern changes day-to-day administration.
- A preview of the clearer UI and action indicators that make campaign status easier to interpret for reviewers and operators.
- Speaker-led discussion of expanded native language support and how it affects distributed governance teams.
- Upgrade and version lifecycle expectations that matter when planning rollout and maintenance.
👉 Watch Netwrix's on-demand webinar on Identity Manager 7.0 certification workflow updates →
Certification campaigns in Identity Manager 7.0: what changes for teams?
Explore further
25/06/2026 3:56 am
Access review quality is a workflow problem before it is a policy problem. Certification campaigns usually fail because the programme cannot sustain reviewer throughput, decision clarity, and traceability at the same time. When those three elements are weak, the organisation may still be doing reviews, but it is not reliably governing access. Practitioners should treat campaign design as an operational control surface, not an administrative afterthought.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to the State of Non-Human Identity Security.
- Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, according to the State of Non-Human Identity Security.
A question worth separating out:
Q: How can organisations improve access review quality without adding friction?
A: Organisations can improve access review quality by simplifying reviewer instructions, reducing ambiguous statuses, and checking that the process works in the languages used by approvers. The best campaigns are easy to complete and easy to evidence. If reviewers need IAM support to interpret the workflow, the design needs work.
👉 Read our full editorial: Access review workflows in Netwrix Identity Manager 7.0
