Introduction

Note: Your screen may look different from the screenshots in this article.

Per CSU Information Security Policy, each year supervisors of staff with elevated access in my.SDSU will be asked to review the access of their direct reports in my.SDSU. 

This guide will review the process of completing the annual my.SDSU User Access Review using the OnBase Web Tool.

Instructions

Supervisors of staff with elevated access in my.SDSU will receive an email notification from the OnBase system with instructions on how to complete the review process. 

The email will also contain a direct link to the workflow process where they can review their direct reports. 

If using the direct link in the email, proceed to step 4. 

If you cannot access the OnBase email notification containing the direct link, please start at step 1. Steps 1 through 3 review how to navigate OnBase to find your direct work items. 

1. Log on to either the OnBase web client or the OnBase desktop application.
   
   
2. On the top left corner of the page, select Document Retrieval > Open Workflow.
   
   
   
3. On the left side menu under Life Cycle View, select the expand > icon next to ERP-SEC03 my.SDSU Annual User Access Review. Then select SEC03 Supervisor Review.
   
   
   
4. In your Inbox, you will see a list of your direct reports whose access you need to review. Select an entry to begin.
   

   Open the image full screen.

   
   
   

   Note: You may only see some of your direct reports. You will not need to review roles that are automatically assigned, such as Faculty, Staff, Student, or Department Chair, so your direct reports who only have those roles may not be listed in OnBase.

   If you would like to confirm why you are not seeing a particular staff member, you can submit a ServiceNow ticket.

5. The my.SDSU User Access Review form will load in the viewing pane below. 

   Below the Employee Information and Manager Information sections, you will see a Roles Granted section.
   

   Open the image full screen.

   
   
   

6. In the Roles Granted section, you will see a list of the user's roles in my.SDSU. 

   For each role, you will have the option to Retain or Revoke access. The default option is Retain. You can optionally add Notes/Comments about why you are retaining or revoking access.  

   Select Click here to show/hide the Role Description or navigate to the my.SDSU Role Documentation Google Drive Folder to view a description of the role.
   

   Open the image full screen.

   
   
   

7. Once you have reviewed the roles and selected Retain or Revoke access for each, select the checkbox under Supervisor Certification. Then, select Save Form.
   

   Open the image full screen.

   
   
   
8. You will see a message that the form has been saved.
   
   
   
9. After you submit the form, select Review Complete under Inbox.
   

   Open the image full screen.

   
   
   

10. If you checked the Supervisor Certification checkbox and the form was submitted successfully, the item will now disappear from your inbox and no further action is needed. 

    If you did not check the Supervisor Certification checkbox or if the form was not submitted successfully, you will see a message confirming that you have reviewed the user’s role access. Select Certify.
    

    Open the image full screen.

11. Once you submit the certification, your participation in this process is complete. The form will no longer appear in your inbox. Repeat steps 3-10 for the rest of the users in your inbox.

    The completed forms will get routed to the security team to make any updates and file.

12. If there is a user in your inbox who does not report to you, select Incorrect Supervisor/Manager to remove them from your queue.
    

    Open the image full screen.