The access review process starts with defining the critical apps in your business. In the early stage, it is recommended to select a limited number of apps that are also easy to review. This keeps the learning curve short and smooth, so that you can run reviews successfully in your company.
Major components of an Access Review
An access review consists of four major components:
- The user: you need to import the list of users (email address, first name, last name) using the app. Teisko provides multiple methods for adding users.
- The reviewer: you need to define the access reviewer for each user. This is the person who will either approve or revoke access to the app and also check the user’s role.
- The user role: the user’s role, or in other words, their level of access to the app, is critical information for the reviewer. We don’t want people to have admin rights, for example, if it isn’t necessary.
- Review status: each user’s access and access level is either approved or revoked by the reviewer.
Four simple steps to run a successful Access Review
The access review process is made up of four steps, each of which must be completed before moving on to the next.
1) New: you start by creating a new access review. During this stage, you define:
- a name for the review
- the deadline for the review
- the default reviewers for the users
- the scope of the review by including or excluding users
2) Active: when activating a review, an email is sent to all reviewers with a link to the Access Review portal. During this stage you can modify the email before it is sent out to the reviewers. Teisko provides a summary of the progress of the reviews. You may also send reminders to the reviewers.
When the reviewer has handled all the users, the portal asks for a confirmation to close the review for their part. This step is mandatory to continue to the next stage. Once the reviewer clicks the ‘I’m finished’ button, the access review is locked, and no further changes can be made by the reviewer.
3) Finished: the access review status is automatically set to ‘Finished’ when every reviewer has handled all of their users and clicked the ‘I’m finished’ button. At this point, the Access Review can be closed.
4) Closed: when closing the access review, a PDF of the result is automatically generated and attached to the access review page. This can be forwarded to the app owner or person managing the access rights, as well as to the auditors.
In the next article, we will go deeper into the specifics of an access review. Stay tuned and start the access reviews in your organization for free.