All system entitlements |
Attests memberships in all system entitlements. |
Specific identities |
Select the identities. Attests this identity's memberships (or their associated user accounts) in system entitlements. |
Specific identities with subidentities. |
Select the identities. Attests this identity's memberships (or their associated user accounts) in system entitlements. In addition, it attests sub identities' memberships (or their associated user accounts) that the select identities are assigned to. |
Specific system entitlements |
Select the system entitlements. Attests memberships in these system entitlements. |
Membership by attestation state |
Select an attestation status Attests memberships in system entitlements that match this attestation status.
-
Denied memberships: Attests memberships that have been denied.
-
All Memberships: Attests all memberships.
-
New memberships: Attests memberships that have never been attested. |
New or not attested for x days |
Specify a number of days. Attests memberships in system entitlements that have not been attested for the defined number of days. |
No dynamic groups from Active Roles |
Attests memberships in all system entitlements. Dynamic groups are ignored in the process. |
System entitlements with specific owners |
Select the identities. Attests memberships in system entitlements that are managed by these identities. |
System entitlements in a target system container |
Select the target system containers. Attests memberships in system entitlements found in these target system containers. |
System entitlements in target systems |
Select the target systems. Attests memberships in system entitlements assigned to these target systems. |
System entitlements with defined risk index |
Use the Lower limit and Upper limit fields to define a risk index range. Attests memberships in system entitlements with a risk index in the chosen range. |
System entitlements with owners in departments |
Select the departments. Attests memberships in system entitlements that are managed by the identities in these departments. |
System entitlements with any owner |
Attests user account memberships in system entitlements that only have one owner. |
System entitlements with matching name |
Enter part of a name of system entitlements with user account memberships to attest. All system entitlements that have this pattern in their name are included. Example: Per finds "Person", "Personal", "Perfection" and so on. |
System entitlements by applications |
Select the applications. Attests user account memberships in system entitlements that are assigned to these applications. |
System entitlements by assignment origin |
Select how user account memberships in system entitlements must be assigned to enable attestation:
-
Directly assigned: Attests memberships that were assigned directly.
-
By request: Attests memberships in system entitlements that were requested.
-
By dynamic roles: Attests memberships in system entitlements that were assigned through dynamic roles.
-
Through roles: Attests memberships in system entitlements that were assigned through roles.
-
Through system roles: Attests memberships in system entitlements that were assigned through system roles. |