지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 9.3 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Providing terms of use for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation Automatic attestation of policy violations
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by identity awaiting attestation Automatic acceptance of attestation approvals Phases of attestation Attestation by peer group analysis Approval recommendations for attestations Managing attestation cases
Attestation sequence Default attestations Mitigating controls for attestation policies Setting up attestation in a separate database Configuration parameters for attestation

Determining attestors via the primary role of the identity to attest

You can assign an Attestors application role to hierarchical roles. When attesting identities, different approval procedures are available to determine which members of this application role are attestors.

ClosedAD - Attestor of the primary department of the identity to attest
ClosedAD - Attestor of the primary location of the identity to attest
ClosedAO - Attestor of the primary business role of the identity to attest
ClosedAD - Attestor of the primary cost center of the identity to attest

The following applies for all named approval procedures: Attestors of parent roles are determined if

  • the primary role is not directly assigned an attestor or

  • the assigned application role does not have any members.

If still no attestor can be determined, the attestation case is presented to the attestors of the associated role class for approval.

The following applies for the AO approval procedure: Attestors of child business roles are determined if

  • business role inheritance is bottom-up and

  • the primary business role is not directly assigned an attestor or

  • the assigned application role does not have any members.

Related topics

Determining attestors using the service item of the attestation object

You can assign an Attestors application role to service items and service categories. Different approval procedures can be used to identify members of this application role as attestors when objects are attested that have service items assigned to them.

ClosedAN - Attestor of the attested system entitlement or system role
ClosedOT - Attestor of assigned service item
Related topics

Determining attestors via attestation object managers

Managers can be assigned to identities, hierarchical roles, and system roles. Different approval procedures can be used to identify managers as attestors when these objects are attested. If user accounts are linked with identities, their managers can attest these user accounts.

ClosedC6 - Proposed manager
ClosedCM - Manager of the identity to attest
ClosedDM - Department manager of identity to attest
ClosedED - Department manager for system entitlement attestation
ClosedMD - Department manager of account's person
ClosedEM - Identity manager for system entitlement attestation
ClosedAM - Manager of account's person
ClosedLM - Location manager of identity to attest
ClosedMO - Business role manager of the identity to attest
ClosedPM - Cost center manager of identity to attest
ClosedRE - Manager of the system role to attest
ClosedRM - Role manager for membership attestation
ClosedRR - Role manager for role and role assignment attestation
ClosedXM - Manager of the identity for all attestations
Related topics

Determining managers or members of a role as attestors

A hierarchical role can be assigned to an approval step. Different approval procedures can be used to determine members and managers of this role as attestors.

ClosedOM - Manager of a specific role
ClosedOR - Members of a certain role
Related topics
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택