Chat now with support
Chat mit Support

Identity Manager 8.2.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation policies Sample attestation Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Attestation history

The attestation history displays each step of an attestation case. Here you can follow all the approvals in the approval process in a chronological sequence. The attestation history is displayed for pending and closed attestations.

To display an attestation case in the attestation history

  1. In the Manager, select the Attestation > Attestation runs > <attestation policy> > Attestation runs > <year> > <month> > <day> category.

  2. Select the Pending attestations or the Completed attestations filter.

  3. Select an attestation case from the result list.

  4. Select the Attestation history report.

These elements are colored. The color code reflects the status of the approval steps.

Table 34: Meaning of colors in the attestation history

Color

Meaning

Yellow

Attestation case set up.

Green

Attestor has approved.

Red

Attestor has denied.

Attestation has been escalated.

Approver has recalled the approval decision

Gray

Attestation has been canceled.

Case has been assigned to an extra attestor.

Additional attestor has withdrawn approval decision.

Approval has been delegated.

New attestor has withdrawn the delegation.

Orange

Attestor has a question.

The query has been answered.

Query was canceled due to change of approver.

Blue

Approver has rerouted approval.

The approval step was reset automatically.

Reports about attestation cases

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The Attestation cases report is available for attestors. The report shows all the attestor's pending and closed attestation cases. Attestors can use this report to make approval decisions in the Manager about attestation cases.

To display the Attestation cases report for an employee

  1. In the Manager, select the Employees > Employees category.

  2. Select the employee in the result list.

  3. Select the Attestation cases report.

  4. If a report has been defined for the attestation case, you can view it using the button in the View report column.

  5. (Optional) To approve pending attestation cases

    1. Select the Pending attestation cases tab.

    2. Select an attestation case and enable the Approve or the Deny option in the list.

    3. Enter the Reason for decision or select a Standard reason.

    4. Click Carry out approval.

Modifying approval workflows for pending attestation cases

When approval workflows are changed, a decision must be made as to whether these changes should be applied to pending attestation cases. Configuration parameters are used to define the desired procedure.

Scenario: Another approval workflow was stored with the approval policy

The newly stored workflow is only used in new requests. If changes have been made to the approval workflow in an approval policy, any pending approval procedures are continued by default with the original workflow. The newly stored workflow is only used in new attestation cases. You can configure different behavior.

To specify how to handle pending attestation cases

  • In the Designer, enable the QER | Attestation | OnWorkflowAssign configuration parameter and select one of the following values.

    • CONTINUE: Ongoing approval processes are continued with the originally applicable workflow. The newly stored workflow is only used in new attestation cases.

      This behavior also applies if the configuration parameter is not set.

    • RESET: In ongoing approval processes, all approval decisions already taken are reset. The approval processes are restarted with the newly stored workflow. The attestation cases are run through the approval process again.

    • ABORT: Ongoing approval processes are stopped. All pending attestation cases are closed. The next automatic or manual start of the attestation uses the new approval workflow.

A working copy of the originally applicable workflow is saved. The working copy is retained as long as it is used in ongoing approval processes. All unused working copies are regularly deleted using the Maintenance approval workflows schedule.

Scenario: A change was made to an approval workflow in use

If changes have been made to an approval workflow that is being used in pending attestation cases, any pending approval processes are continued by default with the original workflow. The changes to the approval workflow are only implemented for new attestation cases. You can configure different behavior.

To specify how to handle pending attestation cases

  • In the Designer, enable the QER | Attestation | OnWorkflowUpdate configuration parameter and select one of the following values.

    • CONTINUE: Ongoing approval processes are continued with the originally applicable approval workflow. The changes to the approval workflow are only implemented for new attestation cases.

      This behavior also applies if the configuration parameter is not set.

    • RESET: In ongoing approval processes, all approval decisions already taken are reset. The approval processes are restarted with the changed approval workflow. The attestation cases are run through the approval process again.

    • ABORT: Ongoing approval processes are stopped. All pending attestation cases are closed. The next automatic or manual start of the attestation uses the changed approval workflow.

A working copy of the approval workflow that contains the original version is saved. This working copy is retained as long as it is used in ongoing approval processes. All unused working copies are regularly deleted using the Maintenance approval workflows schedule.

Related topics

Closing attestation cases for deactivated employees

Pending attestation cases must still be processed even if they have permanently deactivated in the meantime. This is not required very often because the affected employee may have, for example, left the company. In this case, you can use the option to close an employee's pending attestation cases automatically, if the employee is permanently disabled.

To close attestation cases automatically

  • In the Designer, set the QER | Attestation | AutoCloseInactivePerson configuration parameter.

The configuration parameter only applies if the employee to be attested is deactivated after the attestation case was created.

The configuration parameter does not apply if the employee is temporarily deactivated.

TIP: Write a corresponding condition for finding the attestation object on the attestation policies to prevent attestation cases being created for deactivated employees. For more information, see General main data of attestation policies.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen