As an Administrator or Campaign Administrator, certify group memberships by creating on-demand Identity Collections Review campaigns from the Oracle Access Governance Console. These can be one-time or periodic policy review campaigns.

Currently, you can certify group membership for systems managed by Oracle Cloud Infrastructure (OCI) and Oracle Access Governance. If you choose to review OCI IAM groups and it contains a few members provisioned from Oracle Access Governance, then with this review, you can only accept or revoke directly assigned members. For members provisioned from Oracle Access Governance, choose to review the OCI Access Bundles using the Which permissions? tile.

Campaigns are created from the Oracle Access Governance Console. Go to Campaigns page to launch the on-demand access review process.

1. Log in to the Oracle Access Governance Console.
2. Select one of the following options to navigate to the screen:
   • On the Oracle Access Governance Console home page, select the Access Reviews tab. Select the Define a new campaign tile.
   • From the Navigation Menu, select Access Reviews, and then Campaigns. From the Campaigns page, select Create a campaign.
3. Select one of the system types for which you want to run Campaigns. For more information, see Eligible System Types to Launch Access Review Campaigns.
   On the Create a new access review campaign workflow page, define the selection criteria for your campaign.

In the Selection criteria dimension, you select appropriate criteria for your Policy Review Campaigns. All criteria can be searched by name.

1. Select one or more criteria tiles that you wish to include in any order. You don't need to update each criteria. The selection values are derived from the integrated orchestrated system. Available tiles are:

   Option	Description
   Which tenancies?	To filter and select cloud account. Select the Refine further link to select compartment and domain for your cloud account. Available only for Oracle Cloud Infrastructure (OCI) system.
   Which identity collections?	To filter and select identity collections for which you wish to review the group membership. You can search specific policy by its name or add filters on policy's creation date to limit the scope of your search results.

2. After selection, select Apply my selections.
3. To update your selection criteria, select the Modify button on the relevant tile.
   The panel on the right-side of the page shows you the effect of your selection and provides you with an estimate of included policies considered for review.
4. Once you've made your selection, select I'm good, go to workflows button to proceed to the Assign workflow dimension.

In the Assign Workflow dimension, you select the approval workflow for your access review.

1. Select which approval workflow you want to assign to this access review campaign.
   A list of the available workflows shows all approval workflows defined in your system. Consider Self Certification Guardrails and Fallback Mechanism in Access Review before selecting the workflow. For details on how to create and manage approval workflows see Create Approval Workflow and Manage Approval Workflow.
2. After you have selected your workflow, click the View approval workflow link to see a graphical representation of the selected workflow.
3. Select the scope of justification required for review decisions. You can select for reviewers to add comments for all the review decisions, for revoke decisions only, or keep the justification field as optional.
4. Select Next to proceed to the Add details dimension.
   At any point of time, select Save draft to save your campaign and pick up later to work on the details.

In the Add Details dimension, select campaign schedule cycle, give a meaningful name to your campaign, add a supporting description, and assign values to additional attributes, such as campaign owner, and when the campaign should start or end.

1. Select an appropriate schedule cycle in the How often do you want this to run? field.
2. In What do you want to call this campaign?, enter a unique campaign name.
3. In How do you want to describe this campaign, enter campaign description.
4. In the Who owns this campaign? field, select campaign owner.
   Consider Self Certification Guardrails and Fallback Mechanism before assigning the campaign owner.
5. Based on the schedule cycle selected in Step 1, select the time at which you want to launch the campaign.
   • For One-Time, select either Run now or Schedule Later. By default, the campaign is set to begin at the top of the next hour, the following day of campaign creation.
   • For campaign series, select the calendar icon and select the start and end date and time for the campaign.
6. Once you have set your preferences, select Next to go to the Review and submit dimension.
7. Optional: You may select one of the additional actions:
   • Save Draft: To save your changes and later come back and edit the workflow or details.
   • Cancel: To cancel the current process.
   • Back: To go back to the previous step.

In the Review and submit dimension, review the campaign details and create the campaign.

1. Review the campaign information. For any changes, select the Back button.
2. Select Create. The campaign is successfully scheduled.