サポートと今すぐチャット
サポートとのチャット

Identity Manager 8.2 - Web Designer Web Portal User Guide

General tips and getting started Security keys (WebAuthn) Requests
Requesting products Saved for Later list Request templates Pending requests Displaying request history Resubmitting requests Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying approvals Undoing approvals Request inquiries Auditing requests Escalated requests
Attestation
Attestors for attestation cases Sending attestation reminders My attestation cases Pending attestations Displaying attestation history Attestation inquiries Auditing attestations Attestation – Administration Escalation
Compliance Responsibilities
My responsibilities
Specifying keywords for requestable products My departments My application roles My devices My business roles My identities My cost centers My multi-request resources My multi requestable/unsubscribable resources My resources My software applications My locations My system entitlements My system roles My assignment resources
Delegating tasks Ownerships Auditing
Auditing departments Auditing application roles Auditing devices Auditing business roles Auditing identities Auditing cost centers Auditing multi-request resources Auditing multi requestable/unsubscribable resources Auditing resources Auditing software Auditing locations Auditing system roles Auditing system entitlements Auditing assignment resources
Governance administration
Managing departments Managing business roles Managing identities Managing cost centers Managing multi-request resources Managing multi requestable/unsubscribable resources Managing resources Managing locations System entitlements Managing system roles Managing assignment resources
Applications Calls Discovering your statistics on the home page Appendix: Attestation conditions and approval policies from attestation procedures Appendix: Page and menu descriptions
Information (Menu description) My requests (Menu description) Profile (Menu description) Help (Menu description) Request (Menu description) Attestation (Menu description)
My attestation status (page description) My actions (page description)
Pending attestations (page description)
Pending attestations – Attestation policies (page description) Pending attestations: One Identity Manager application roles (page description) Pending attestations: Departments (page description) Pending attestations: System roles (page description) Pending attestations: Locations (page description) Pending attestations: Business roles (page description) Pending attestations: PAM assets (page description) Pending attestations: PAM user accounts (page description) Pending attestations: Employees (page description) Pending attestations: Cost centers (page description) Pending attestations: User accounts (page description) Pending attestations: System entitlements (page description) Pending attestations: Resources (page description) Pending attestations: Assignment resources (page description) Pending attestation: Multi-request resources (page description) Pending attestations: Software (page description) Pending attestations: Multi requestable/unsubscribable resources (page description) Pending attestations – approvals (page description)
Attestation history (page description) Attestation inquiries (page description)
Auditing (page description) Governance administration (page description) Attestation escalation approval (page description)
Compliance (Menu description) Responsibilities (Menu description)
My responsibilities (page description)
Identities (page description) System entitlements (page description) Business roles (page description) System roles (page description) Departments (page description) Cost centers (page description) Locations (page description) Application roles (page description) Resources (page description) Assignment resources (page description) Multi-request resources (page description) Software (page description) Multi requestable/unsubscribable resources (page description) Devices (page description)
Delegating tasks (page description) Ownerships (page description) Auditing (page description)
Auditing – Departments (page description) Auditing – Application roles (page description) Auditing – Device (page description) Auditing – Business roles (page description) Auditing – Identity details (page description) Auditing – Cost center (page description) Auditing – Multi-request resources (page description) Auditing – Multi requestable/unsubscribable resources (page description) Auditing - Resources (page description) Auditing – Software (page description) Auditing – Locations (page description) Auditing – System roles (page description) Auditing - Assignment resource (page description) Auditing – Active Directory (page description) Auditing – Azure Active Directory (page description) Auditing – Custom target system group (page description) Auditing – Google Workspace (page description) Auditing – Domino (page description) Auditing – LDAP (page description) Auditing – Oracle E-Business Suite (page description) Auditing – Privileged Account Management (page description) Auditing – SAP R/3 (page description) Auditing – Unix (page description)
Governance administration (page description)
Business roles (page description) Identities (page description) Multi-request resources (page description) Multi requestable/unsubscribable resources (page description) Organization (page description) Resources (page description) System entitlements (page description) System roles (page description) Assignment resources (page description)
Calls (Menu description)

Creating new attestation policies (page description)

To open the Create New Attestation Policy page go to Attestation > Governance Administration > Attestation Policy Settings > New attestation policy.

On the Create New Attestation Policy page you can create a new attestation policy.

The following tables give you an overview of the various features and content on the Attestation Policy Settings page.

Table 218: Controls

Control

Description

Create

Use this button to save the attestation policy with your settings.

Cancel

Use this button to cancel creation of the new attestation policy.

You can specify the following main data.

Table 219: Attestation policy main data

Property

Description

Disabled

Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Completed attestation cases can be deleted once the attestation policy is disabled.

Attestation policy

Enter a name for the attestation policy.

Description

Enter a description of the attestation policy.

Attestation procedure

Click Assign/Change and specify which objects will be attested with this attestation policy.

NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure.

Approval policies

Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available.

Attestors

Click Assign/Change and then select the identities that can make approval decisions about attestation cases.

NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers).

Calculation schedule

Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively.

Time required (days)

Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0.

Owner

Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy.

Risk index

Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied.

Compliance frameworks

Click Assign/Change and add a compliance framework to use.

Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. For example, internal requirements or auditing requirements.

Close obsolete tasks automatically

Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).

If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact.

Approval by multi-factor authentication

Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication (for example Starling 2FA).

In the Object selection, you use conditions to specify which objects are to be attested. The following table gives you an overview of the various features in the Object selection view.

Table 220: Controls in the object selection

Control

Description

All conditions must be fulfilled:

Enable this option to have new attestation cases created for all objects that meet each of the conditions the next time the attestation policy is run. If one of the objects to attest does not fulfill a condition, this object is not attested. In addition, use of this option generates a intersecting set of all the individual conditions of the selected objects.

At least one condition must be fulfilled:

Enable this option so that new attestation cases are created for all objects that meet at least one of the conditions the next time the attestation policy is run. Use of this option generates a superset of all the individual conditions of the selected objects.

Add condition

Use this button to create a new condition. Conditions specify which objects to attest. For more information about the different conditions, see Appendix: Attestation conditions and approval policies from attestation procedures.

Number of objects matching in total

Click the displayed number to preview all objects that to attest.

Edit condition

Use this button to edit an existing condition.

Delete condition

Use this button to delete and an existing condition.

Refresh

Use this button to update the total number of matching objects.

Editing attestation policies (page description)

To open the Edit attestation policy page go to Attestation > Governance Administration > Attestation Policy Settings > (Edit attestation policy).

On the Edit attestation policy page, you can:

  • Set up a schedule after the attestation case is generated

  • Disable the attestation policy

  • Select an identity to be responsible for granting or denying approval of attestation cases

  • Enable or disable automatic closing of obsolete attestation cases by the system

  • Create/edit condition for ascertaining which objects to attest

The following tables give you an overview of the various features and content on the Edit attestation policy page.

Table 221: Controls

Control

Description

Save

Use this button to save the attestation policy with the changes you have made.

Delete

Use this button to delete the attestation policy.

Cancel

Use this button to discard the changes to the attestation policy.

You can change the following main data.

Table 222: Attestation policy main data

Property

Description

Disabled

Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Completed attestation cases can be deleted once the attestation policy is disabled.

Attestation policy

Enter a name for the attestation policy.

Description

Enter a description of the attestation policy.

Attestation procedure

Click Assign/Change and specify which objects will be attested with this attestation policy.

NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure.

Approval policies

Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available.

Attestors

Click Assign/Change and then select the identities that can make approval decisions about attestation cases.

NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers).

Calculation schedule

Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively.

Time required (days)

Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0.

Owner

Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy.

Risk index

Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied.

Compliance frameworks

Click Assign/Change and add a compliance framework to use.

Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. For example, internal requirements or auditing requirements.

Close obsolete tasks automatically

Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).

If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact.

Approval by multi-factor authentication

Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication (for example Starling 2FA).

In the Object selection, you use conditions to specify which objects are to be attested. The following table gives you an overview of the various features in the Object selection view.

Table 223: Controls in the object selection

Control

Description

Adding conditions

Use this button to create a new condition. Conditions specify which objects to attest. For more information about the different conditions, see Appendix: Attestation conditions and approval policies from attestation procedures.

Number of objects matching in total

Click the displayed number to preview all objects that to attest.

Editing conditions

Use this button to edit an existing condition.

Deleting conditions

Use this button to delete and an existing condition.

Refresh

Use this button to update the total number of matching objects.

Attestation escalation approval (page description)

To open the Attestation Escalation Approval page go to Attestation > Escalation.

If the are attestations pending and the approver responsible is not available for an extended period or has no access to Web Portal, the fallback approver or member of the chief approval team must make an approval decision. For more information about the chief approval team, see the One Identity Manager Attestation Administration Guide.

On the Attestation Escalation Approval, you can display attestation cases grouped by attestation policy and then, on the Attestation Escalation Approval - <attestation policy> page, approve the attestation cases (see Attestation escalation – Attestation policy (page description)).

The following table gives you an overview of the various features on the Attestation Escalation Approval page.

Table 224: Columns

Column

Description

Attestation policy

Shows you the name of the attestation policy for which there are pending attestation cases.

Attestation Cases

Shows you how many pending attestation cases there are for this attestation policy and whether they are overdue.

Review

Shows you the progress of completed attestation cases in this attestation run. The color of the bar refers to the percentage of the attestation run's progress.

  • Red: Progress under 70%

  • Orange: Progress between 70% and 90%

  • Green: Progress over 90%

TIP: You can show less data by using the column filters. For more information, see Filtering.

Attestation escalation – Attestation policy (page description)

To open the Attestation Escalation Approval – Attestation policy page go to Attestation > Escalation > select attestation policy.

On the Attestation Escalation Approval – Attestation policy page, you can:

The following tables give you an overview of the various features and content on the Attestations Escalation Approval – attestation policy page.

Table 225: Controls

Control

Description

Approve

Use this button to grant the attestation approval (see Granting or denying escalated attestation cases).

Deny

Use this button to deny the attestation approval (see Granting or denying escalated attestation cases).

Approve all

Use this button to grant all attestations approval (see Granting or denying escalated attestation cases).

Deny all

Use this button to deny all attestations approval (see Granting or denying escalated attestation cases).

View attestors for pending attestation cases

Use this button to display all identities that still have to make approval decisions about attestation cases (see Displaying attestors of escalated attestation cases) and send them reminder mails (see Sending reminders about escalated attestation cases).

Send reminder

You can use this button to send reminder mails to all identities that still have attestation cases to approve on the current tab (see Sending reminders about escalated attestation cases).

Next

This opens the Attestation Escalation Approval – Approvals.

Use this button to display an overview of all approvals made and set further options (see Granting or denying escalated attestation cases). As long as you have not made a decision (with the help of the previous buttons) this button is disabled.

Table 226: Controls in the attestation case's details pane

Control

Description

Actions > Go to attested object

Use this action to switch to an overview of the object to be attested (see Displaying escalated attestation cases).

Actions > Send inquiry

Use this action to send an inquiry to an identity about the attestation case (see Submitting inquiries about escalated attestation cases).

Actions > Reroute approval

Use this action to let another approval level make the approval decision about the attestation case. For example, if approval is required by a manager in a one-off case (see Rerouting approvals of escalated attestation cases).

Actions > Add approver

Use this action to add an additional approver to share the approval decision about the attestation case (see Appointing additional approvers to escalated attestation cases).

Actions > Delegate approval

Use this action to delegate the approval decision about the attestation case to another identity (see Delegating approvals of escalated attestation cases to other identities). You can revoke this action in the attestation history (see Withdrawing delegations from escalated attestation case approvals).

Actions > Send a reminder mail

Use this action to display all identities that can make approval decisions about the attestation case (see Displaying attestors of escalated attestation cases). Then you can send them reminder mails (see Sending reminders about escalated attestation cases).

Withdraw additional approval

If you have appointed an additional approver for this attestation case (see Appointing additional approvers to escalated attestation cases), use this button to revoke the action. Then you are the only approver of this attestation case again (see Removing additional approvers from escalated attestation cases).

Revoking hold status

Use this button to release the attestation case for approval again so that it can be processed by the approvers (see Revoking the hold status of escalated attestation cases).

Report

Use this button to generate a report about the object to attest.

Show details

You can use this button to display details about all the objects that are included in this attestation case (see Displaying escalated attestation cases).

Table 227: Columns

Column

Description

Display name

Shows the name of the object included in the attestation case.

Attestation policy

Shows the name of the attestation policy in use.

State

Shows the current status of the attestation case.

The following status' are possible:

  • Pending: The attestation case is not closed yet and must still be approved.

  • Approved: The attestation case was approved. In the details pane, on the Workflow tab, you can see why the attestation case was granted approval.

  • Denied: The attestation case was denied. In the details pane, on the Workflow tab, you can see why the attestation case was denied approval.

New

Shows whether the attestation case is new.

It is possible that some of the attestation cases have existed for a while and have been approved several times. New cases have not been granted approval yet but might have been denied approval before.

Due date

Shows by when the attestation case must be completed.

Risk index

Show the attestation case's risk index.

Approval

Use these two buttons to make an approval decision about the attestation (see Granting or denying escalated attestation cases).

TIP: If you have made all your approval decisions, click Next to open an overview page and save all the approvals.

TIP: You can show less data by using the column filters. For more information, see Filtering.

NOTE: On the following tabs, you can show other useful information about each instance in the details pane. To do this, click the appropriate instance in the list.

  • Information: Displays general information about the attestations case.

  • Workflow: Shows the chronological lifecycle of the attestation case.

  • Attestation policy: Shows further information about the attestation policy used.

  • History: Shows the object's attestation history.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択