Editing attestation policies (page description)
To open the Edit attestation policy page go to Attestation > Governance Administration > Attestation Policy Settings > (Edit attestation policy).
On the Edit attestation policy page, you can:
-
Set up a schedule after the attestation case is generated
-
Disable the attestation policy
-
Select an identity to be responsible for granting or denying approval of attestation cases
-
Enable or disable automatic closing of obsolete attestation cases by the system
-
Create/edit condition for ascertaining which objects to attest
The following tables give you an overview of the various features and content on the Edit attestation policy page.
Table 229: Controls
Save |
Use this button to save the attestation policy with the changes you have made. |
Delete |
Use this button to delete the attestation policy. |
Cancel |
Use this button to discard the changes to the attestation policy. |
You can change the following main data.
Table 230: Attestation policy main data
Disabled |
Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Closed attestation cases can be deleted once the attestation policy is disabled. |
Attestation policy |
Enter a name for the attestation policy. |
Description |
Enter a description of the attestation policy. |
Attestation procedure |
Click Assign/Change and specify which objects will be attested with this attestation policy.
NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure. |
Approval policies |
Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available. |
Attestors |
Click Assign/Change and then select the identities that can make approval decisions about attestation cases.
NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers). |
Calculation schedule |
Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively. |
Time required (days) |
Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0. |
Owner |
Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy. |
Risk index |
Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied. |
Compliance frameworks |
Click Assign/Change and select the relevant compliance frameworks for the attestation policy.
Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. |
Close obsolete tasks automatically |
Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).
If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact. |
Approval by multi-factor authentication |
Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication. |
In the Object selection, you use conditions to specify which objects are to be attested. The following table gives you an overview of the various features in the Object selection view.
Table 231: Controls in the object selection
Adding conditions |
Use this button to create a new condition. Conditions specify which objects to attest. For more information about the different conditions, see Appendix: Attestation conditions and approval policies from attestation procedures. |
Number of objects matching in total |
Click the displayed number to preview all objects that to attest. |
Editing conditions |
Use this button to edit an existing condition. |
Deleting conditions |
Use this button to delete and an existing condition. |
Refresh |
Use this button to update the total number of matching objects. |
Attestation escalation approval (page description)
To open the Attestation Escalation Approval page go to Attestation > Escalation.
If the are attestations pending and the approver responsible is not available for an extended period or has no access to Web Portal, the fallback approver or member of the chief approval team must make an approval decision. For more information about the chief approval team, see the One Identity Manager Attestation Administration Guide.
On the Attestation Escalation Approval, you can display attestation cases grouped by attestation policy and then, on the Attestation Escalation Approval - <attestation policy> page, approve the attestation cases (see Attestation escalation approval – Attestation policy (page description)).
The following table gives you an overview of the various features on the Attestation Escalation Approval page.
Table 232: Columns
Attestation policy |
Shows you the name of the attestation policy for which there are pending attestation cases. |
Attestation Cases |
Shows you how many pending attestation cases there are for this attestation policy and whether they are overdue. |
Review |
Shows you the progress of completed attestation cases in this attestation run. The color of the bar refers to the percentage of the attestation run's progress.
|
TIP: You can show less data by using the column filters. For more information, see Filtering.
Attestation escalation approval – Attestation policy (page description)
To open the Attestation Escalation Approval – Attestation policy page go to Attestation > Escalation > select attestation policy.
On the Attestation Escalation Approval – Attestation policy page, you can:
The following tables give you an overview of the various features and content on the Attestations Escalation Approval – attestation policy page.
Table 235: Columns
Display name |
Shows the name of the object included in the attestation case. |
Attestation policy |
Shows the name of the attestation policy in use. |
State |
Shows the current status of the attestation case.
The following status' are possible:
-
Pending: The attestation case is not closed yet and must still be approved.
-
Approved: The attestation case was approved. In the details pane, on the Workflow tab, you can see why the attestation case was granted approval.
-
Denied: The attestation case was denied. In the details pane, on the Workflow tab, you can see why the attestation case was denied approval. |
New |
Shows whether the attestation case is new.
It is possible that some of the attestation cases have existed for a while and have been approved several times. New cases have not been granted approval yet but might have been denied approval before. |
Due date |
Shows by when the attestation case must be completed. |
Risk index |
Show the attestation case's risk index. |
Approval |
Use these two buttons to make an approval decision about the attestation (see Granting or denying escalated attestation cases).
TIP: If you have made all your approval decisions, click Next to open an overview page and save all the approvals. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
NOTE: On the following tabs, you can show other useful information about each instance in the details pane. To do this, click the appropriate instance in the list.
-
Information: Displays general information about the attestations case.
-
Workflow: Shows the chronological lifecycle of the attestation case.
-
Attestation policy: Shows further information about the attestation policy used.
-
History: Shows the object's attestation history.
Attestation escalation – Approvals (page description)
To open the Attestation Escalation Approval – Approvals page go to Attestation > Escalation > Click an attestation policy > Make approval decision > Next.
After you have made your approval decisions on the Attestation Escalation Approvals page, you can save the approval decisions on the Pending Attestation Approval – Approvals page so that they take effect. You can also enter reason for the approval decisions here. For more information, see Granting or denying escalated attestation cases.
The following tables give you an overview of the various features and content on the Attestation Escalation Approval – Approvals page.
Table 236: Controls
Reason for approvals |
Enter a reason for all approved attestations here. |
Standard reason |
Here you can select one of the standard reasons saved in the system for all approved attestations. |
Reason for denials |
Enter a reason for all denied attestations here. |
Standard reason |
Here you can select one of the standard reasons saved in the system for all denied attestations. |
Save |
Use this button to save all the settings and approval decisions. |
Back |
Use this button to switch to the previous page. For example, to approve other attestations. |
Table 237: Columns
Display name |
Shows you the name of the object to be attested. |
Attestation policy |
Shows the name of the attestation policy in use. |
Due date |
Shows by when the attestation case must be completed. |
Risk index |
Show the attestation case's risk index. |
Reason |
Here you can enter a reason for the decision. To do this, click on the button and, in the dialog, enter a reason or select one of the standard reasons. |
TIP: You can show less data by using the column filters. For more information, see Filtering.