Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 8.2.1 - Web Designer Web Portal User Guide

General tips and getting started Security keys (WebAuthn) Requests
Requesting products Saved for Later list Request templates Pending requests Displaying request history Resubmitting requests Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying approvals Undoing approvals Request inquiries Auditing requests Escalated requests
Attestation
Managing attestations Attestors for attestation cases Sending attestation reminders My attestation cases Pending attestations Displaying attestation history Attestation inquiries Auditing attestations Escalation
Compliance Responsibilities
My responsibilities
Specifying keywords for requestable products Managing my departments Managing my application roles Managing my devices Managing my business roles Managing my identities Managing my cost centers Managing my multi-request resources Managing my multi requestable/unsubscribable resources Managing my resources Managing my software applications Managing my locations Managing my system entitlements Managing my system roles Managing my assignment resources
Delegating tasks Ownerships Auditing
Auditing departments Auditing application roles Auditing devices Auditing business roles Auditing identities Auditing cost centers Auditing multi-request resources Auditing multi requestable/unsubscribable resources Auditing resources Auditing software Auditing locations Auditing system roles Auditing system entitlements Auditing assignment resources
Governance administration
Managing departments Managing business roles Managing identities Managing cost centers Managing multi-request resources Managing multi requestable/unsubscribable resources Managing resources Managing locations System entitlements Managing system roles Managing assignment resources
Applications Calls Discovering your statistics on the home page Appendix: Attestation conditions and approval policies from attestation procedures Appendix: Page and menu descriptions
Information (Menu description) My requests (Menu description) Profile (Menu description) Help (Menu description) Request (Menu description) Attestation (Menu description)
My attestation status (page description) My actions (page description)
Pending attestations (page description)
Pending attestations – Attestation policies (page description) Pending attestations: One Identity Manager application roles (page description) Pending attestations: Departments (page description) Pending attestations: System roles (page description) Pending attestations: Locations (page description) Pending attestations: Business roles (page description) Pending attestations: PAM assets (page description) Pending attestations: PAM user accounts (page description) Pending attestations: Employees (page description) Pending attestations: Cost centers (page description) Pending attestations: User accounts (page description) Pending attestations: System entitlements (page description) Pending attestations: Resources (page description) Pending attestations: Assignment resources (page description) Pending attestation: Multi-request resources (page description) Pending attestations: Software (page description) Pending attestations: Multi requestable/unsubscribable resources (page description) Pending attestations: Devices (page description) Pending attestations – approvals (page description)
Attestation history (page description) Attestation inquiries (page description)
Auditing (page description) Governance administration (page description) Attestation escalation approval (page description)
Compliance (Menu description) Responsibilities (Menu description)
My responsibilities (page description)
Identities (page description) System entitlements (page description) Business roles (page description) System roles (page description) Departments (page description) Cost centers (page description) Locations (page description) Application roles (page description) Resources (page description) Assignment resources (page description) Multi-request resources (page description) Software (page description) Multi requestable/unsubscribable resources (page description) Devices (page description)
Delegating tasks (page description) Ownerships (page description) Auditing (page description)
Auditing – Departments (page description) Auditing – Application roles (page description) Auditing – Device (page description) Auditing – Business roles (page description) Auditing – Identity details (page description) Auditing – Cost center (page description) Auditing – Multi-request resources (page description) Auditing – Multi requestable/unsubscribable resources (page description) Auditing - Resources (page description) Auditing – Software (page description) Auditing – Locations (page description) Auditing – System roles (page description) Auditing - Assignment resource (page description) Auditing – Active Directory (page description) Auditing – Azure Active Directory (page description) Auditing – Custom target system group (page description) Auditing – Google Workspace (page description) Auditing – Domino (page description) Auditing – LDAP (page description) Auditing – Oracle E-Business Suite (page description) Auditing – Privileged Account Management (page description) Auditing – SAP R/3 (page description) Auditing – Unix (page description)
Governance administration (page description)
Business roles (page description) Identities (page description) Multi-request resources (page description) Multi requestable/unsubscribable resources (page description) Organization (page description) Resources (page description) System entitlements (page description) System roles (page description) Assignment resources (page description)
Calls (Menu description)

Attestation escalation approval – Attestation policy (page description)

To open the Attestation Escalation Approval – Attestation policy page go to Attestation > Escalation > select attestation policy.

On the Attestation Escalation Approval – Attestation policy page, you can:

The following tables give you an overview of the various features and content on the Attestations Escalation Approval – attestation policy page.

Table 229: Controls

Control

Description

Approve

Use this button to grant the attestation approval (see Granting or denying escalated attestation cases).

Deny

Use this button to deny the attestation approval (see Granting or denying escalated attestation cases).

Approve all

Use this button to grant all attestations approval (see Granting or denying escalated attestation cases).

Deny all

Use this button to deny all attestations approval (see Granting or denying escalated attestation cases).

View attestors for pending attestation cases

Use this button to display all identities that still have to make approval decisions about attestation cases (see Displaying attestors of escalated attestation cases) and send them reminder mails (see Sending reminders about escalated attestation cases).

Send reminder

You can use this button to send reminder mails to all identities that still have attestation cases to approve on the current tab (see Sending reminders about escalated attestation cases).

Next

This opens the Attestation Escalation Approval – Approvals.

Use this button to display an overview of all approvals made and set further options (see Granting or denying escalated attestation cases). As long as you have not made a decision (with the help of the previous buttons) this button is disabled.

Table 230: Controls in the attestation case's details pane

Control

Description

Actions > Go to attested object

Use this action to switch to an overview of the object to be attested (see Displaying escalated attestation cases).

Actions > Send inquiry

Use this action to send an inquiry to an identity about the attestation case (see Submitting inquiries about escalated attestation cases).

Actions > Reroute approval

Use this action to let another approval level make the approval decision about the attestation case. For example, if approval is required by a manager in a one-off case (see Rerouting approvals of escalated attestation cases).

Actions > Add approver

Use this action to add an additional approver to share the approval decision about the attestation case (see Appointing additional approvers to escalated attestation cases).

Actions > Delegate approval

Use this action to delegate the approval decision about the attestation case to another identity (see Delegating approvals of escalated attestation cases to other identities). You can revoke this action in the attestation history (see Withdrawing delegations from escalated attestation case approvals).

Actions > Send a reminder mail

Use this action to display all identities that can make approval decisions about the attestation case (see Displaying attestors of escalated attestation cases). Then you can send them reminder mails (see Sending reminders about escalated attestation cases).

Withdraw additional approval

If you have appointed an additional approver for this attestation case (see Appointing additional approvers to escalated attestation cases), use this button to revoke the action. Then you are the only approver of this attestation case again (see Removing additional approvers from escalated attestation cases).

Revoking hold status

Use this button to release the attestation case for approval again so that it can be processed by the approvers (see Revoking the hold status of escalated attestation cases).

Report

Use this button to generate a report about the object to attest.

Show details

You can use this button to display details about all the objects that are included in this attestation case (see Displaying escalated attestation cases).

Table 231: Columns

Column

Description

Display name

Shows the name of the object included in the attestation case.

Attestation policy

Shows the name of the attestation policy in use.

State

Shows the current status of the attestation case.

The following status' are possible:

  • Pending: The attestation case is not closed yet and must still be approved.

  • Approved: The attestation case was approved. In the details pane, on the Workflow tab, you can see why the attestation case was granted approval.

  • Denied: The attestation case was denied. In the details pane, on the Workflow tab, you can see why the attestation case was denied approval.

New

Shows whether the attestation case is new.

It is possible that some of the attestation cases have existed for a while and have been approved several times. New cases have not been granted approval yet but might have been denied approval before.

Due date

Shows by when the attestation case must be completed.

Risk index

Show the attestation case's risk index.

Approval

Use these two buttons to make an approval decision about the attestation (see Granting or denying escalated attestation cases).

TIP: If you have made all your approval decisions, click Next to open an overview page and save all the approvals.

TIP: You can show less data by using the column filters. For more information, see Filtering.

NOTE: On the following tabs, you can show other useful information about each instance in the details pane. To do this, click the appropriate instance in the list.

  • Information: Displays general information about the attestations case.

  • Workflow: Shows the chronological lifecycle of the attestation case.

  • Attestation policy: Shows further information about the attestation policy used.

  • History: Shows the object's attestation history.

Attestation escalation – Approvals (page description)

To open the Attestation Escalation Approval – Approvals page go to Attestation > Escalation > Click an attestation policy > Make approval decision > Next.

After you have made your approval decisions on the Attestation Escalation Approvals page, you can save the approval decisions on the Pending Attestation Approval – Approvals page so that they take effect. You can also enter reason for the approval decisions here. For more information, see Granting or denying escalated attestation cases.

The following tables give you an overview of the various features and content on the Attestation Escalation Approval – Approvals page.

Table 232: Controls

Control

Description

Reason for approvals

Enter a reason for all approved attestations here.

Standard reason

Here you can select one of the standard reasons saved in the system for all approved attestations.

Reason for denials

Enter a reason for all denied attestations here.

Standard reason

Here you can select one of the standard reasons saved in the system for all denied attestations.

Save

Use this button to save all the settings and approval decisions.

Back

Use this button to switch to the previous page. For example, to approve other attestations.

Table 233: Columns

Column

Description

Display name

Shows you the name of the object to be attested.

Attestation policy

Shows the name of the attestation policy in use.

Due date

Shows by when the attestation case must be completed.

Risk index

Show the attestation case's risk index.

Reason

Here you can enter a reason for the decision. To do this, click on the button and, in the dialog, enter a reason or select one of the standard reasons.

TIP: You can show less data by using the column filters. For more information, see Filtering.

Compliance (Menu description)

Companies have different requirements that they need for regulating internal and external identities' access to company resources. On the one hand, rule checks are used for locating rule violations and on the other hand, to prevent them. By using these rules, you can demonstrate compliance with legislated regulations such as the Sarbanes-Oxley Act (SOX). The following demands are made on compliance:

  • Compliance rules define what an employee is entitled to do or not do. For example, an identity may not have both entitlements A and B at the same time.

  • Company policies are very flexible, and can be defined for any company resources you are managing with Manager. For example, a policy might only allow identities from a certain department to own a certain entitlement.

  • Each item that an identity access can be given a risk value. A risk index can be calculated for identities, accounts, organization, roles, and for the groups of resources available for request. You can then use the risk indexes to help prioritize your compliance activities.

Some rules are preventative. For example, a request will not be processed if it violates the rules, unless exception approval is explicitly granted and an approver allows it. Compliance rules (if appropriate) and company policies are run on a regular schedule and violations appear in the identity’s Web Portal to be dealt with there. Company policies can contribute to mitigation control by reducing risk. For example, if risks are posed by identities running processes outside the One Identity Manager solution and causing violations. Reports and dashboards provide you with comprehensive compliance information. For more information, see What statistics are available?.

You can use items on the Compliance menu to perform various actions and collect information. The following tables provide you with an overview of the menu items and actions that can be run here.

Table 234: Menu items

Menu

Menu item

Description

Compliance

 

 

My actions

 

 

 

Pending Rule Violations

Here you can make approval decisions about pending rule violations.

 

 

Rule Violation History

Here you can display all the approvals that you made about rule violations.

 

 

Pending Policy Violations

Here you can make approval decisions about pending policy violations.

 

 

Policy Violation History

Here you can display all the approvals that you made about policy violations.

 

Auditing

 

 

 

Rule Violations

Here you can display all rule violations.

 

 

Policy Violations

Here you can display all policy violations.

 

Governance administration

 

 

 

Risk assessment

Here you can display and edit all risk index functions.

 

 

Compliance frameworks

Here you can display all compliance frameworks.

 

 

High-risk overview

Here you can display objects (for example, identities) with increased risk index.

 

 

Rule violations

Here you can display all the compliance rules and corresponding rule violations.

 

 

Policy violations

Here you can display all the company policies and corresponding policy violations.

 

 

Rule analysis

Here you can display all compliance rules with SAP functions and the user accounts that violate these rules.

 

 

Function analysis

Here you can display rule violations of identities assigned to critical SAP functions.

My actions (page description)

To open the My Actions page go to Compliance > My Actions.

On the My Actions page, you can perform various actions regarding compliance.

To do this, click on one of the tiles:

Table 235: Tiles

Tiles

Description

Pending rule violations

You select the following actions:

Rule Violation History

Here you can view all the rule violations you have approved or denied in the past (see Displaying rule violation history).

Pending Policy Violations

You select the following actions:

Policy Violation History

Here you can view all the policy violations you have approved or denied in the past.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione