Suggestions to better manage semi-annual user re-certification exercise?

New Contributor II

Hi all,

In our OneStream environment, we have few hundred users and few thousand groups to which these users are assigned to for granular access.

Want to check these with OneStream admin Gurus:

1) Currently the semi-annual user re-certification exercise is done manually by extracting the OneStream user/group access reports and asking the approvers to re-certify. This is proving to be cumbersome exercise. How do you all do this in your environment?  Are there any best practices about this?

2) Have you used or seen/heard about a third-party tool like SailPoint being used to manage OneStream user / group access and resulting re-certification activities? How difficult it was to build integration between a tool like SailPoint and OneStream?

I would love to hear your experiences.

Thanks in advance for any experience sharing.


New Contributor II

I hope to see some response from Onestream Admin experts in the group.

I would also like to check if ACM is the right solution for the problem that I described in my post?

Thanks in advance.

New Contributor III

From my past experience it highly depends on who the request is coming from and the requirements given.  I worked for a publicly traded manufacturing company and the auditors wanted proof that the security information file came directly out of OneStream and then wanted the assistant controller to review each user's access and send back a certified/signed file with notes and a signature.  There's not much you can do if the requirements are strict, but keep fighting the good fight.

Contributor III


We do something similar to your #1 - we extract the security reports out of OS along with screenshots showing we ran them from OS as of a date and time for the auditors. The only difference is that we have one person responsible for understanding users and security so we have him review and approve the control before forwarding to the auditors. Nothing automated unfortunately though less people involved in ours so less time overall required.