サポートと今すぐチャット
サポートとのチャット

Identity Manager 8.2.1 - Web Portal User Guide

General tips and getting started Requests
Setting up and configuring request functions Requesting products Saved for Later list Pending requests Displaying request history Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying approvals Undoing approvals
Attestation Compliance Responsibilities
My responsibilities
Managing my departments Managing my application roles Managing my business roles Managing my identities Managing my cost centers Managing my locations Managing my system entitlements Managing my system roles
Delegating tasks Ownerships
Managing data
Managing identities Managing user accounts Managing system entitlements Managing departments Managing locations Managing cost centers Managing business roles Managing system roles
Appendix: Attestation conditions and approval policies from attestation procedures

Displaying attestation policy reports

You can the display reports of attestation policies. These reports contain detailed information about attestation policies.

To display an attestation policy's report

  1. In the menu bar, click Attestation > Attestation Policies.

  2. (Optional) To display disabled attestation policies, clear the Activated attestation policies only filter on the Attestation Policies page. To do this, click next to the filter (Clear filter).

  3. On the Attestation Policies page, click (Actions) > Download report next to the attestation policy whose report you want to display.

    Once the report is completely downloaded, you can open it.

Related topics

Setting up attestation policies

To fulfill new regulation requirements, you can create new attestation policies.

To create a new attestation policy

  1. In the menu bar, click Attestation > Attestation Policies.

  2. On the Attestation Policies page, click Create attestation policy.

  3. In the Create Attestation Policy pane, enter the new attestation policy's main data.

    Table 14: Attestation policy main data

    Property

    Description

    Disabled

    Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Completed attestation cases can be deleted once the attestation policy is disabled.

    Attestation policy

    Enter a name for the attestation policy.

    Description

    Enter a description of the attestation policy.

    Attestation procedure

    Select which objects to attest with this attestation policy.

    NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure.

    Approval policies

    Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available.

    Attestors

    Click Assign/Change and then select the identities that can make approval decisions about attestation cases.

    NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers).

    Calculation schedule

    Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively.

    Time required (days)

    Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0.

    Owner

    Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy.

    Risk index

    Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied.

    Compliance frameworks

    Click Assign/Change and add a compliance framework to use.

    Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. For example, internal requirements or auditing requirements.

    Sample

    Select which sampling data you want to use (see Running sample attestations).

    NOTE: You can only select samples that have not yet been assigned to an attestation policy.

    NOTE: When you select samples, you can not set conditions anymore and vice versa.

    Close obsolete tasks automatically

    Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).

    If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact.

    Approval by multi-factor authentication

    Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication (for example Starling 2FA).

  4. To specify which objects to attest, under Objects To Be Attested by This Attestation Policy, click Add condition.

  5. In the Condition type menu, click the condition type to use (see Appendix: Attestation conditions and approval policies from attestation procedures).

    NOTE: The options available in the Condition type menu depends on which attestation procedure is configured for the attestation policy.
  6. (Optional) Depending on which condition type you have selected, you can filter the selection of objects to attest (see Appendix: Attestation conditions and approval policies from attestation procedures).

  7. (Optional) Create more conditions if required. To do this, click Add another condition.

  8. (Optional) If you have specified more than one condition, you must specify whether one or all of the conditions must be fulfilled by enabling the appropriate option:

    • All conditions must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects fulfilling all of the conditions. If one of the objects to attest does not fulfill a condition, this object is not attested. In addition, use of this option generates a intersecting set of all the individual conditions of the selected objects.

    • At least one condition must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects that fulfill at least one of the conditions. Use of this option generates a superset of all the individual conditions of the selected objects.

  9. Click Create.

Related topics

Editing attestation policies

For example, you can modify attestation policies to include more conditions.

To edit an attestation policy

  1. In the menu bar, click Attestation > Attestation Policies.

  2. On the Attestation Policies page, next to the attestation policy you want to edit, click Edit.

    To view disabled attestation policies, clear the Activated attestation policies only filter. To do this, click next to the filter (Clear filter).

    NOTE: The system contains default attestation policies. These policies can only be edited to a limited degree. If you want to make changes to a default attestation policy, create a copy and edit the copy (see Copying attestation policies).

  3. In the Edit Attestation Policy pane, edit the attestation policy's main data.

    Table 15: Attestation policy main data

    Property

    Description

    Disabled

    Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Completed attestation cases can be deleted once the attestation policy is disabled.

    Attestation policy

    Enter a name for the attestation policy.

    Description

    Enter a description of the attestation policy.

    Attestation procedure

    Select which objects to attest with this attestation policy.

    NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure.

    Approval policies

    Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available.

    Attestors

    Click Assign/Change and then select the identities that can make approval decisions about attestation cases.

    NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers).

    Calculation schedule

    Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively.

    Time required (days)

    Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0.

    Owner

    Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy.

    Risk index

    Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied.

    Compliance frameworks

    Click Assign/Change and add a compliance framework to use.

    Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. For example, internal requirements or auditing requirements.

    Sample

    Select which sampling data you want to use (see Running sample attestations).

    NOTE: You can only select samples that have not yet been assigned to an attestation policy.

    NOTE: When you select samples, you can not set conditions anymore and vice versa.

    Close obsolete tasks automatically

    Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).

    If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact.

    Approval by multi-factor authentication

    Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication (for example Starling 2FA).

  4. To specify which objects to attest, perform one of the following actions:

    • To add a new condition, under Objects To Be Attested by This Attestation Policy click Add another condition.

    • To edit an existing condition, under Objects To Be Attested by This Attestation Policy, click the condition.

    • To delete an existing condition, click (Delete condition).

  5. In the Condition type menu, click the condition type to use (see Appendix: Attestation conditions and approval policies from attestation procedures).

    NOTE: The options available in the Condition type menu depends on which attestation procedure is configured for the attestation policy.
  6. (Optional) Depending on which condition type you have selected, you can filter the selection of objects to attest (see Appendix: Attestation conditions and approval policies from attestation procedures).

  7. (Optional) Create or modify more conditions if required. To do this, click Add another condition.

  8. (Optional) If you have specified more than one condition, you must specify whether one or all of the conditions must be fulfilled by enabling the appropriate option:

    • All conditions must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects fulfilling all of the conditions. If one of the objects to attest does not fulfill a condition, this object is not attested. In addition, use of this option generates a intersecting set of all the individual conditions of the selected objects.

    • At least one condition must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects that fulfill at least one of the conditions. Use of this option generates a superset of all the individual conditions of the selected objects.

  9. Click Save.

Related topics

Copying attestation policies

You can copy existing attestation policies and then edit them. For example, if you want to make changes to a default attestation policy, you can copy it, edit the copy, and then use it.

Copied attestation policies can be deleted again.

To copy an attestation policy

  1. In the menu bar, click Attestation > Attestation Policies.

  2. On the Attestation Policies page, next to the attestation policy you want to copy, click (Actions) > Copy.

    To view disabled attestation policies, clear the Activated attestation policies only filter. To do this, click next to the filter (Clear filter).

  3. In the Copy Attestation Policy pane, edit the attestation policy's main data.

    Table 16: Attestation policy main data

    Property

    Description

    Disabled

    Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Completed attestation cases can be deleted once the attestation policy is disabled.

    Attestation policy

    Enter a name for the attestation policy.

    Description

    Enter a description of the attestation policy.

    Attestation procedure

    Select which objects to attest with this attestation policy.

    NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure.

    Approval policies

    Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available.

    Attestors

    Click Assign/Change and then select the identities that can make approval decisions about attestation cases.

    NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers).

    Calculation schedule

    Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively.

    Time required (days)

    Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0.

    Owner

    Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy.

    Risk index

    Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied.

    Compliance frameworks

    Click Assign/Change and add a compliance framework to use.

    Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. For example, internal requirements or auditing requirements.

    Sample

    Select which sampling data you want to use (see Running sample attestations).

    NOTE: You can only select samples that have not yet been assigned to an attestation policy.

    NOTE: When you select samples, you can not set conditions anymore and vice versa.

    Close obsolete tasks automatically

    Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).

    If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact.

    Approval by multi-factor authentication

    Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication (for example Starling 2FA).

  4. To specify which objects to attest, perform one of the following actions:

    • To add a new condition, under Objects To Be Attested by This Attestation Policy click Add another condition.

    • To edit an existing condition, under Objects To Be Attested by This Attestation Policy, click the condition.

    • To delete an existing condition, click (Delete condition).

  5. In the Condition type menu, click the condition type to use (see Appendix: Attestation conditions and approval policies from attestation procedures).

    NOTE: The options available in the Condition type menu depends on which attestation procedure is configured for the attestation policy.
  6. (Optional) Depending on which condition type you have selected, you can filter the selection of objects to attest (see Appendix: Attestation conditions and approval policies from attestation procedures).

  7. (Optional) Create or modify more conditions if required. To do this, click Add another condition.

  8. (Optional) If you have specified more than one condition, you must specify whether one or all of the conditions must be fulfilled by enabling the appropriate option:

    • All conditions must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects fulfilling all of the conditions. If one of the objects to attest does not fulfill a condition, this object is not attested. In addition, use of this option generates a intersecting set of all the individual conditions of the selected objects.

    • At least one condition must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects that fulfill at least one of the conditions. Use of this option generates a superset of all the individual conditions of the selected objects.

  9. Click Create.

Related topics
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択