サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.2.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation Automatic attestation of policy violations
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by identity awaiting attestation Automatic acceptance of attestation approvals Phases of attestation Attestation by peer group analysis Approval recommendations for attestations Managing attestation cases
Attestation sequence Default attestations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Attestation sequence

Once attestation is automatically or manually started, One Identity Manager creates an attestation run. This attestation run contains an attestation case for each attestation object. Attestation cases record the entire attestation sequence. Each attestation step in the attestation case can be audit-proof reconstructed. The attestation cases for a policy collection are combined in one attestation run.

You can display attestation runs in the navigation view under the menu item Attestation runs. This is where you can monitor the status of the attestation cases. Attestation cases that were not yet subject to approval are grouped under Pending attestations. You can display the attestation cases that have been closed by attestors or One Identity Manager grouped under Closed attestations. The status of pending attestation cases is checked regularly by the DBQueue Processor. The Attestation check starts the check.

NOTE: Attestation cases are edited in the Web Portal. For more information about this, see the One Identity Manager Web Designer Web Portal User Guide.

Attestation closes when the attestation case has been granted or denied approval. You specify how to deal with granted or denied attestations on a company basis.

TIP: One Identity Manager provides various default attestation procedures for different data situations and default attestation procedures. If you use these default attestation procedures, you can configure how you deal with denied attestations.

For more information, see Configuring withdrawal of entitlements.

Starting attestation

There are two ways for you to add attestation cases in the One Identity Manager. You can trigger attestation through a scheduled task or start selected objects individually.

Prerequisite

  • The attestation policy for this attestation is set.

To start attestation using a scheduled task

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list and run the Change main data task.

  3. Enable the schedule entered in the Calculation schedule field.

    1. In the navigation view, select the Basic configuration data > Schedules category.

    2. Select the schedule in the result list and run the Change main data task.

    3. Set the Enabled option.

    4. Save the changes.

To start attestation for the selected objects

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list. Select the Change main data task.

  3. Select the Run attestation cases for single objects... task.

    This opens a separate window.

  4. In the Attestation column, select every object for which attestation is to be run.

  5. Click Run.

    Attestation cases are generated for the selected attestation objects. As soon as DBQueue Processor has processed the task, you will see the newly created attestation cases in the navigation view under the Attestation runs > <attestation policy> > Attestation runs > <year> > <month> > <day> > Pending attestations menu item.

  6. Click Close.

NOTE: Under certain circumstances, old, closed attestation cases are deleted from the One Identity Manager database when new attestation cases are added.

For more information about configuring schedules, see the One Identity Manager Operational Guide.

TIP: If it takes longer than 48 hours to generate new attestation cases, the process is canceled. You can adjust the timeout for generating attestation cases to suit your requirements. To do this, in Designer, change the value of the QER | Attestation | PrepareAttestationTimeout configuration parameter.

Detailed information about this topic
Related topics

Attestation case overview

The overview form supplies you with the most important information about an attestation case. Here you can see the time by which an attestation case will be processed, depending on the processing time. One Identity Manager does not stipulate which actions are carried out if processing times out. Define your own custom actions or evaluations to deal with this situation.

To obtain an overview of an attestation case

  1. In the Manager, select the category

    • Attestation > Attestation runs > Attestation policies > <attestation policy> > Attestation runs > <year> > <month> > <day> - OR -

    • Attestation > Attestation run > Policy collections > <policy collection> > Attestation runs > <year> > <month> > <day>.

  2. Select the Pending attestations or the Closed attestations filter.

  3. Select an attestation case from the result list.

  4. Select Attestation case overview.

Related topics

Approval sequence

Once you have started attestation for an attestation policy, you can monitor the attestation case in One Identity Manager.

For pending attestation cases, see the current status of the approval process. The approval sequence is shown as soon as the DBQueue Processor has determined the attestors for the first approval step. In the approval workflow, you can view the approval sequence, the results of each approval step, and the attestors found. If the approval procedure could not find an attestor, the attestation case is canceled by the system.

To display the approval sequence of a pending attestation case

  1. In the Manager, select the category

    • Attestation > Attestation runs > Attestation policies > <attestation policy> > Attestation runs > <year> > <month> > <day> > Pending attestations - OR -

    • Attestation > Attestation run > Policy collections> <policy collection> > Attestation runs > <year> > <month> > <day> > Pending attestations.

  2. Select an attestation case from the result list.

  3. Select the Approval sequence task.

Each approval level of an approval workflow is represented by a special control. The attestors responsible for a particular approval step are shown in a tooltip. Pending attestation questions are also shown in tooltips. These elements are shown in color, the color code reflecting the current status of the approval level.

Table 34: Meaning of the colors in an approval sequence (in order of decreasing importance)

Color

Meaning

Blue

This approval level is currently being processed.

Green

This approval level has been granted approval.

Red

This approval level has been denied approval.

Yellow

This approval level has been deferred due to a question.

Gray

This approval level has not (yet) been reached.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択