지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager On Demand - Starling Edition Hosted - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation Automatic attestation of policy violations
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by identity awaiting attestation Automatic acceptance of attestation approvals Phases of attestation Attestation by peer group analysis Approval recommendations for attestations Managing attestation cases
Attestation sequence Default attestations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Attestation procedure

Attestation procedures specify the attestation base object. They define which attestation object properties are to be attested. Attestation object data can be provided in list or report form.

To edit an attestation procedure

  1. In the Manager, select the Attestation > Basic configuration data > Attestation procedures category.

  2. Select an attestation procedure in the result list and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the attestation procedure main data.

  4. Save the changes.

General main data of an attestation procedure

Enter the following properties for an attestation procedure.

Table 2: General main data of an attestation procedure

Property

Description

Attestation procedure

Any name for the attestation procedure.

Attestation type

Criteria for grouping attestation procedures. Attestation types make it easier to assign a matching attestation procedure to the attestation policies.

Description

Text field for additional explanation.

Report

Report for the attestor containing all the necessary information about the attestation objects.

Predefined reports are supplied in a menu. If you do not want to assign a report, you can specify additional information about the attestation objects in the Property 1-4 (template) fields.

NOTE: The report will be generated in the language given in the attestation guideline if there are translations available for it in the database. Otherwise, the default language is used, which is stored as a fallback variant in the database information.

Snapshot content

Contents of the snapshot created for an attestation object.

If no report is specified, a snapshot of the object to be attested is created. You can configure the contents of the snapshot.

Table

Database table in which the attestation objects are to be found (= attestation base object). All tables, which fulfill the following conditions, are available:

  1. The table contains a XObjectKey column.

  2. The table type is Table, View, ReadOnly, or Proxy.

  3. The usage type is User data, Materialized data, or Read only data.

  4. It is not the basetree table. It is not an assignment table referencing basetree.

  5. Table belongs to the application data model.

  6. Table is not disabled.

For more information about table types and usage types, see the One Identity Manager Configuration Guide.

Preprocessor condition

Specifies the preprocessor configuration parameters on which the attestation procedure depends. Attestation procedures that are disabled through a preprocessor condition are not displayed in One Identity Manager.

Detailed information about this topic

Templates for attestation procedures

On the Templates tab, define the templates that supply additional information about the attestation objects displayed in the Web Portal or in reports.

Table 3: Attestation procedure templates

Property

Description

Grouping column 1-3 (template)

A value template for formatting the value used to group and filter pending attestation cases in the Web Portal.

Enter a value template in dollar notation. This template can access the base object properties and the properties of all objects connected through foreign keys.

Grouping column 1-3

Column headers for Grouping column 1-3 (template). The columns are multi-language. To enter a translation, click .

Grouping column 1-3 (text template)

Text template describing the facts of an attestation case when grouped according to the respective grouping column.

The value of the group columns 1-3 can be included in the text template by using variables.

Property 1-4 (template)

Templates for formulating a value that supplies additional information about the attestation object. Use these fields to show additional information about the attestation object in the Web Portal.

Enter a value template in dollar notation. This template can access the base object properties and the properties of all objects connected through foreign keys.

Property 1-4

Column headers for Property 1-4 (template). The columns are multi-language. To enter a translation, click .

Risk index template

Template for formulating the value for the attestation case’s risk index.

Enter a value template in dollar notation. This template can access the base object properties and the properties of all objects connected through foreign keys.

Text template

Text template describing the facts about a single attestation case.

The value of the group columns 1-3 can be included in the text template by using variables.

Related object 1-3 (template)

Template for formulating an object key for an object related to the attestation base object. Required for displaying pending attestation cases in the Web Portal.

Enter a value template in dollar notation. This template can access the base object properties and the properties of all objects connected through foreign keys.

Define the display value for this object in Grouping column 1-3 (template).

Example

You want to attest Active Directory group memberships. Group the attestation cases by user account display value, Active Directory group display value, and the display value of associated identities. The Web Portal group's canonical name should be displayed with every group membership in the Active Directory. The attestation case's risk index can be determined from the group membership's risk index. The object key for the object relation can be found from the Active Directory user account. The information required about the attestation objects will be summarized in a report. To do this, enter the following data on the main data form.

Table 4: Example of an attestation case definition

Property

Value

Table

Database table ADSAccountInADSGroupTotal

Report

<report name>

Grouping column 1

$UID_ADSAccount[d]$

Grouping column 2

$UID_ADSGroup[d]$

Grouping column 3

$FK(UID_ADSAccount).UID_Person[d]$

Property 1 (template)

$FK(UID_ADSGroup).CanonicalName$

Risk index template

$RiskIndexCalculated$

Object relation 1

$FK(UID_ADSAccount).XObjectKey$

Related topics

Providing information about attestation objects

To help attestors make their approval decisions, attestation cases must provide all necessary information about the attestation objects. This information can be provided either by a report or by a snapshot of the respective attestation object.

  1. Report

    Depending on the selected table, it is possible to choose between different default reports. To specify yourself what information the attestors are given, use the Report Editor to design a report.

  2. Snapshot

    If no report is specified, a snapshot of the object to be attested is created. This contains all object properties, objects referenced by foreign key, and their properties. The scope of the snapshot can be reduced.

Related topics
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택