Identity Manager 8.2.1 - Web Designer Web Portal User Guide

To open the Attestation Escalation Approval – Attestation policy page go to Attestation > Escalation > select attestation policy.

On the Attestation Escalation Approval – Attestation policy page, you can:

Display escalated attestation cases (see Displaying escalated attestation cases)
Display attestors for escalated attestation cases (see Displaying attestors of escalated attestation cases)
Display object details to attest (see Displaying escalated attestation cases)
Generate reports about objects to attest
Send reminders to approvers (see Sending reminders about escalated attestation cases)
Grant or deny attestation cases (see Granting or denying escalated attestation cases)
Make inquiries about attestation cases if the information is insufficient to make an approval decision (see Submitting inquiries about escalated attestation cases)
Reroute attestation case approvals to other identities (see Rerouting approvals of escalated attestation cases)
Add other approvers that can approve attestation cases (see Appointing additional approvers to escalated attestation cases)
Delegate attestation case approvals to other identities (see Delegating approvals of escalated attestation cases to other identities)
Revoke attestation cases' hold status (see Revoking the hold status of escalated attestation cases)

The following tables give you an overview of the various features and content on the Attestations Escalation Approval – attestation policy page.

Table 229: Controls
Control	Description
Approve	Use this button to grant the attestation approval (see Granting or denying escalated attestation cases).
Deny	Use this button to deny the attestation approval (see Granting or denying escalated attestation cases).
Approve all	Use this button to grant all attestations approval (see Granting or denying escalated attestation cases).
Deny all	Use this button to deny all attestations approval (see Granting or denying escalated attestation cases).
View attestors for pending attestation cases	Use this button to display all identities that still have to make approval decisions about attestation cases (see Displaying attestors of escalated attestation cases) and send them reminder mails (see Sending reminders about escalated attestation cases).
Send reminder	You can use this button to send reminder mails to all identities that still have attestation cases to approve on the current tab (see Sending reminders about escalated attestation cases).
Next	This opens the Attestation Escalation Approval – Approvals. Use this button to display an overview of all approvals made and set further options (see Granting or denying escalated attestation cases). As long as you have not made a decision (with the help of the previous buttons) this button is disabled.

Table 230: Controls in the attestation case's details pane
Control	Description
Actions > Go to attested object	Use this action to switch to an overview of the object to be attested (see Displaying escalated attestation cases).
Actions > Send inquiry	Use this action to send an inquiry to an identity about the attestation case (see Submitting inquiries about escalated attestation cases).
Actions > Reroute approval	Use this action to let another approval level make the approval decision about the attestation case. For example, if approval is required by a manager in a one-off case (see Rerouting approvals of escalated attestation cases).
Actions > Add approver	Use this action to add an additional approver to share the approval decision about the attestation case (see Appointing additional approvers to escalated attestation cases).
Actions > Delegate approval	Use this action to delegate the approval decision about the attestation case to another identity (see Delegating approvals of escalated attestation cases to other identities). You can revoke this action in the attestation history (see Withdrawing delegations from escalated attestation case approvals).
Actions > Send a reminder mail	Use this action to display all identities that can make approval decisions about the attestation case (see Displaying attestors of escalated attestation cases). Then you can send them reminder mails (see Sending reminders about escalated attestation cases).
Withdraw additional approval	If you have appointed an additional approver for this attestation case (see Appointing additional approvers to escalated attestation cases), use this button to revoke the action. Then you are the only approver of this attestation case again (see Removing additional approvers from escalated attestation cases).
Revoking hold status	Use this button to release the attestation case for approval again so that it can be processed by the approvers (see Revoking the hold status of escalated attestation cases).
Report	Use this button to generate a report about the object to attest.
Show details	You can use this button to display details about all the objects that are included in this attestation case (see Displaying escalated attestation cases).

Table 231: Columns
Column	Description
Display name	Shows the name of the object included in the attestation case.
Attestation policy	Shows the name of the attestation policy in use.
State	Shows the current status of the attestation case. The following status' are possible: Pending: The attestation case is not closed yet and must still be approved. Approved: The attestation case was approved. In the details pane, on the Workflow tab, you can see why the attestation case was granted approval. Denied: The attestation case was denied. In the details pane, on the Workflow tab, you can see why the attestation case was denied approval.
New	Shows whether the attestation case is new. It is possible that some of the attestation cases have existed for a while and have been approved several times. New cases have not been granted approval yet but might have been denied approval before.
Due date	Shows by when the attestation case must be completed.
Risk index	Show the attestation case's risk index.
Approval	Use these two buttons to make an approval decision about the attestation (see Granting or denying escalated attestation cases). TIP: If you have made all your approval decisions, click Next to open an overview page and save all the approvals.

TIP: You can show less data by using the column filters. For more information, see Filtering.

NOTE: On the following tabs, you can show other useful information about each instance in the details pane. To do this, click the appropriate instance in the list.

Information: Displays general information about the attestations case.
Workflow: Shows the chronological lifecycle of the attestation case.
Attestation policy: Shows further information about the attestation policy used.
History: Shows the object's attestation history.

Attestation escalation – Approvals (page description)

To open the Attestation Escalation Approval – Approvals page go to Attestation > Escalation > Click an attestation policy > Make approval decision > Next.

After you have made your approval decisions on the Attestation Escalation Approvals page, you can save the approval decisions on the Pending Attestation Approval – Approvals page so that they take effect. You can also enter reason for the approval decisions here. For more information, see Granting or denying escalated attestation cases.

The following tables give you an overview of the various features and content on the Attestation Escalation Approval – Approvals page.

Table 232: Controls
Control	Description
Reason for approvals	Enter a reason for all approved attestations here.
Standard reason	Here you can select one of the standard reasons saved in the system for all approved attestations.
Reason for denials	Enter a reason for all denied attestations here.
Standard reason	Here you can select one of the standard reasons saved in the system for all denied attestations.
Save	Use this button to save all the settings and approval decisions.
Back	Use this button to switch to the previous page. For example, to approve other attestations.

Table 233: Columns
Column	Description
Display name	Shows you the name of the object to be attested.
Attestation policy	Shows the name of the attestation policy in use.
Due date	Shows by when the attestation case must be completed.
Risk index	Show the attestation case's risk index.
Reason	Here you can enter a reason for the decision. To do this, click on the button and, in the dialog, enter a reason or select one of the standard reasons.

TIP: You can show less data by using the column filters. For more information, see Filtering.

Compliance (Menu description)

Companies have different requirements that they need for regulating internal and external identities' access to company resources. On the one hand, rule checks are used for locating rule violations and on the other hand, to prevent them. By using these rules, you can demonstrate compliance with legislated regulations such as the Sarbanes-Oxley Act (SOX). The following demands are made on compliance:

Compliance rules define what an employee is entitled to do or not do. For example, an identity may not have both entitlements A and B at the same time.
Company policies are very flexible, and can be defined for any company resources you are managing with Manager. For example, a policy might only allow identities from a certain department to own a certain entitlement.
Each item that an identity access can be given a risk value. A risk index can be calculated for identities, accounts, organization, roles, and for the groups of resources available for request. You can then use the risk indexes to help prioritize your compliance activities.

Some rules are preventative. For example, a request will not be processed if it violates the rules, unless exception approval is explicitly granted and an approver allows it. Compliance rules (if appropriate) and company policies are run on a regular schedule and violations appear in the identity’s Web Portal to be dealt with there. Company policies can contribute to mitigation control by reducing risk. For example, if risks are posed by identities running processes outside the One Identity Manager solution and causing violations. Reports and dashboards provide you with comprehensive compliance information. For more information, see What statistics are available?.

You can use items on the Compliance menu to perform various actions and collect information. The following tables provide you with an overview of the menu items and actions that can be run here.

Table 234: Menu items
Menu	Menu item		Description
Compliance
	My actions
		Pending Rule Violations	Here you can make approval decisions about pending rule violations.
		Rule Violation History	Here you can display all the approvals that you made about rule violations.
		Pending Policy Violations	Here you can make approval decisions about pending policy violations.
		Policy Violation History	Here you can display all the approvals that you made about policy violations.
	Auditing
		Rule Violations	Here you can display all rule violations.
		Policy Violations	Here you can display all policy violations.
	Governance administration
		Risk assessment	Here you can display and edit all risk index functions.
		Compliance frameworks	Here you can display all compliance frameworks.
		High-risk overview	Here you can display objects (for example, identities) with increased risk index.
		Rule violations	Here you can display all the compliance rules and corresponding rule violations.
		Policy violations	Here you can display all the company policies and corresponding policy violations.
		Rule analysis	Here you can display all compliance rules with SAP functions and the user accounts that violate these rules.
		Function analysis	Here you can display rule violations of identities assigned to critical SAP functions.

Table 235: Tiles
Tiles	Description
Pending rule violations	You select the following actions: Show rule violations that have not been approved yet (see Displaying approvable rule violations) Grant or deny rule exceptions (see Approving and denying rule violations) Resolve rule violations (see Resolving rule violations)
Rule Violation History	Here you can view all the rule violations you have approved or denied in the past (see Displaying rule violation history).
Pending Policy Violations	You select the following actions: Show policy violations that have not been approved yet (see Displaying approvable policy violations) Permit or reject policy exceptions (see Approving and denying policy violations)
Policy Violation History	Here you can view all the policy violations you have approved or denied in the past.

Table 235: Tiles

Tiles

Description

Pending rule violations