Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 9.3 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Providing terms of use for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation Automatic attestation of policy violations
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by identity awaiting attestation Automatic acceptance of attestation approvals Phases of attestation Attestation by peer group analysis Approval recommendations for attestations Managing attestation cases
Attestation sequence Default attestations Mitigating controls for attestation policies Setting up attestation in a separate database Configuration parameters for attestation

Canceling incomplete attestation runs

If errors that occur when attestation cases are being generated for an attestation run, cannot be corrected the incomplete attestation run can be canceled. After that, attestation can be restarted with the affected attestation policy.

As long as an incomplete attestation run still exists for an attestation policy, attestation cannot be restarted. If attestation needs to be started although a incomplete attestation run still exists, the attestation run must be canceled.

To cancel an incomplete attestation run

  1. In the Manager, select the category

    • Attestation > Incomplete attestation runs > Attestation policies > <attestation policy>. - OR -

    • Attestation > Incomplete attestation runs > Policy collections > <policy collection>.

  2. Select the attestation run in the result list.

  3. Select the Change main data task.

  4. Select the Cancel attestation run task.

  5. Confirm the security prompt with Yes.

There are no new attestation cases generated. All pending attestation cases are canceled and the attestation run is labeled as canceled.

Related topics

Displaying canceled attestation runs

All the attestation runs that are canceled manually are displayed in the Manager.

To display a canceled attestation run

  1. In the Manager, select the category

    • Attestation > Canceled attestation runs > Attestation policies > <attestation policy> - OR -

    • Attestation > Canceled attestation runs > Policy collections > <policy collection>.

  2. Select the attestation run in the result list.

  3. Select the Attestation run overview task.

    This shows you an overview of the denied and approved attestation cases in this attestation run.

Related topics

Reports about attestations

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. You can use attestations to generate the following reports.

Table 40: Reports about attestations
Report

Published for

 Description

Overview attestation run results

Attestation policy

 This report shows the results of an attestation run for the selected attestation policy.
Overview attestation run results including attestation history

Attestation policy

 This report shows the results of an attestation run for the selected attestation policy including the attestation history.
Detailed status of an attestation run

Attestation policy

 This report shows the detailed status of an attestation run including the estimated completion date.
Detailed status of an attestation run including approval history

Attestation policy

 This report shows the detailed status of an attestation run including the estimated completion date and attestation history.

Overview attestation run results

Policy collection

This report shows the results of an attestation run for the attestation policies from the selected policy collection.

Default attestations

One Identity Manager provides various default attestation procedures for different data situations and default attestation procedures.

Data situations for default attestations:

  • System entitlements owned by an identity

  • System entitlements assigned to system entitlements

  • System entitlements assigned to hierarchical roles

  • System roles assigned to an identity

  • Company resources assigned to system roles

  • System roles assigned to hierarchical roles

  • Business and application role memberships

  • New One Identity Manager user's main data

  • Existing One Identity Manager user's main data

  • Attestation of access to OneLogin applications.

  • Attestation of unused access to OneLogin applications.

The attestation polices required for attesting identity main data are also supplied by default. You can also use the default supplied attestation policies without modifying them. The prerequisites and the attestation sequence for identity main data are described in User attestation and recertification.

Default attestation policies and default attestation procedures are provided for recertification of unused entitlements under Behavior Driven Governance. For more information on how to use these, see the One Identity Manager Administration Guide for Behavior Driven Governance.

You can set up attestation policies easily in the Web Portal using default attestation procedures for other data situations. You can also use the default attestation policies supplied without customizing them. Furthermore, you can configure how to deal with denied attestations that are based on these default attestation procedures. For more information, see Configuring withdrawal of entitlements.

A default policy collection and a default sample are provided to attest a selection of identities along with all their entitlements and memberships. The policy collection combines all default attestation policies required for this purpose. For more information, see Configuring sample attestation of identities and their entitlements.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione