Managing my system entitlements' attestation cases
You can use attestation to test the balance between security and compliance within your company. Managers or others responsible for compliance can use One Identity Manager attestation functionality to certify correctness of permissions, requests, or exception approvals either scheduled or on demand. Recertification is the term generally used to describe regular certification of permissions. One Identity Manager uses the same workflows for recertification and attestation.
There are attestation policies defined in One Identity Manager for carrying out attestations. Attestation policies specify which objects are attested when, how often, and by whom.Once an attestation is performed, One Identity Manager creates attestation cases that contain all the necessary information about the attestation objects and the attestor responsible. The attestor checks the attestation objects. They verify the correctness of the data and initiate any changes that need to be made if the data conflicts with internal rules.
Attestation cases record the entire attestation sequence. Each attestation step in an attestation case can be audit-proof reconstructed. Attestations are run regularly using scheduled tasks. You can also trigger single attestations manually.
Attestation is complete when the attestation case has been granted or denied approval. You specify how to deal with granted or denied attestations on a company basis.
Detailed information about this topic
Displaying my system entitlements' attestation cases
You can display attestation cases that involve system entitlements for which you are responsible.
In addition, you can obtain more information about the attestation cases.
To display attestation cases
-
Open the home page.
-
On the Home page, in the My Responsibilities tile, click System entitlements.
-
On the System Entitlements page, click the system entitlement whose attestation cases you want to display.
-
In the Edit System Entitlement pane, click the Attestation tab.
This displays all the system entitlement's attestation cases.
-
(Optional) To display more details of an attestation case, click Details next to the attestation case.
Related topics
Approving and denying my system entitlements' attestation cases
You can grant or deny approval to attestation cases of system entitlements for which you are responsible.
To approve an attestation case
-
Open the home page.
-
On the Home page, in the My Responsibilities tile, click System entitlements.
-
On the System Entitlements page, click the system entitlement whose attestation cases are pending your approval.
-
In the Edit System Entitlement pane, click the Attestation tab.
-
On the Attestation tab, click (Filter).
-
In the filter context menu, select the Pending option.
-
Perform one of the following actions:
-
To approve an attestation case, in the list, select the check box next to the attestation case and click Approve below the list.
-
To deny an attestation case, in the list, select the check box next to the attestation case and click Deny below the list.
-
(Optional) In the Approve Attestation Case or the Deny Attestation Case pane, perform the following actions:
-
In the Reason for your decision field, select a standard reason for your approval decision.
-
(Optional) In the Additional comments about your decision field, enter extra information about your approval decision.
TIP: By giving reasons, your approvals are more transparent and support the audit trail.
-
Click Save.
Related topics
Managing my system roles
System roles combine company resources that must always be assigned to identities together into a single package. Different types of company resources can be grouped into one system role, such as Active Directory groups, software, and resources. System roles can be assigned to user accounts, requested, or inherited through hierarchical roles. Employees and workdesks inherit company resources assigned to the system roles.
You can perform a variety of actions regarding system roles that you manage and gather information about them.
Detailed information about this topic