Attestation and recertification

Displaying the sample overview

The overview form displays the most important information about a sample, including the attestation policy that the sample is used with.

To obtain an overview of a sample

  1. In the Manager, select the Attestation > Samples category.

  2. Select the sample in the results list.

  3. Select the Sample overview task.

Default sample for attesting memberships in system entitlements

A default sample is provided for attesting memberships in system entitlements after organizational changes. The sample data is determined automatically: it identifies all individuals whose manager or primary department, cost center, or business role assignment has changed since the previous attestation. The memberships of all user accounts associated with these individuals are then attested.

To use attestation of memberships in system authorizations after organizational changes

  1. In the Designer, set the QER | Selections | PersonOrganizationalChanges configuration parameter.

  2. Create a schedule and assign it to the System entitlement memberships after organizational changes attestation policy. By doing this, you replace the schedule assigned by default.

    • Enable the schedule.

Once an attestation run is complete, the sample data is deleted. As soon as an individual's organizational data changes, they are included in the sample. This ensures that the sample always includes only those individuals whose organizational data has changed since the previous attestation.

TIP: Sample data is calculated by the QER_Person_Add_to_PickCategory_Organizational_Changes process. You can customize the generating condition of this process.
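
The sample behavior described above, modeled as an added Python example (not One Identity Manager code or its API). The class, field, and account names are hypothetical, and the sketch assumes that an identity seen for the first time does not count as changed.

```python
from dataclasses import dataclass

# Organizational attributes whose change puts an identity into the sample
ORG_FIELDS = ("manager", "department", "cost_center", "business_role")

@dataclass(frozen=True)
class Identity:
    uid: str
    manager: str
    department: str
    cost_center: str
    business_role: str

class OrgChangeSample:
    """Illustrative model of a change-driven attestation sample."""

    def __init__(self):
        self._known = {}     # uid -> last observed Identity
        self.sample = set()  # uids changed since the previous attestation

    def observe(self, identity):
        """Record current org data; sample the identity if any field changed."""
        old = self._known.get(identity.uid)
        if old and any(getattr(old, f) != getattr(identity, f) for f in ORG_FIELDS):
            self.sample.add(identity.uid)
        self._known[identity.uid] = identity

    def run_attestation(self, accounts, memberships):
        """Return the (account, entitlement) pairs to attest, then empty the sample.

        accounts maps account name -> identity uid.
        """
        due = [(a, e) for a, e in memberships if accounts.get(a) in self.sample]
        self.sample.clear()  # sample data is deleted once the run is complete
        return due

def demo():
    # Constructed sample data
    s = OrgChangeSample()
    s.observe(Identity("alice", "m1", "D", "cc1", "br1"))
    s.observe(Identity("bob", "m1", "D", "cc1", "br1"))
    s.observe(Identity("alice", "m1", "E", "cc1", "br1"))  # department change
    accounts = {"AD\\alice": "alice", "AD\\bob": "bob"}
    memberships = [("AD\\alice", "Finance-RW"), ("AD\\bob", "Finance-RO")]
    first = s.run_attestation(accounts, memberships)   # only alice's membership
    second = s.run_attestation(accounts, memberships)  # sample already emptied
    return first, second
```
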

Default sample for attesting identities

There is a default sample, Individual selection of identities, provided for attesting identities. This sample is used for the Identity attestation policy collection. The sample data must be assigned manually.

Grouping attestation policies

Different attestation policies can be combined into a collection so that their attestations start simultaneously. For example, this is useful in the context of an audit, when several attestations with related content are run.

Related attestation policies can be grouped together into policy collections. Policy collections must be assigned a schedule for running these attestation policies. Use a sample to limit the set of objects to attest for all assigned attestation policies.

The following applies:

  • An attestation policy can be assigned to only one policy collection.

  • Attestation policies that belong to a policy collection cannot be started separately.

  • When samples are attested, the same sample is used for all the attestation policies that belong to one policy collection.


The following properties of all identities in department D are going to be attested:

  • Primary and secondary membership in business roles

  • Linked user accounts

  • Assigned system entitlements

These attestations must always be performed simultaneously.

The following objects must be created for this purpose:

  1. Attestation procedures for the Person, PersonInOrg, UNSAccount, and UNSAccountInUNSGroup tables

  2. A schedule

  3. A sample that finds all identities assigned to department D

  4. A policy collection that uses the schedule and sample

  5. Attestation policies that use the attestation procedures and the policy collection

