Chat now with support
Chat with Support

Identity Manager 8.2.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation policies Sample attestation Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Compliance framework overview

You can see the most important information about a compliance framework on the overview form.

To obtain an overview of a compliance framework

  1. In the Manager, select the Attestation > Basic configuration data > Compliance Frameworks category.

  2. Select the compliance framework from the result list.
  3. Select the Compliance framework overview task.

Assigning attestation policies

Use this task to assign attestation policies to the selected compliance framework.

To assign attestation policies to a compliance framework

  1. In the Manager, select the Attestation > Basic configuration data > Compliance frameworks category.

  2. Select the compliance framework from the result list.
  3. Select the Assign attestation polices task.

    Assign the attestation policies in Add assignments.

    TIP: In the Remove assignments pane, you can remove attestation policy assignments.

    To remove an assignment

    • Select the approval policy and double-click .

  4. Save the changes.

Chief approval team

Sometimes, approval decisions cannot be made for attestation cases because an attestor is not available or does not have access to One Identity Manager tools. To complete these attestations, you can define a chief approval team whose members are authorized to intervene in the approval process at any time.

There is a default application role in One Identity Manager for the chief approval team. Assign this application role to all employees who are authorized to approve, deny, cancel attestations in special cases, or to authorize other attestors. For detailed information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 7: Default application role for chief approval team

User

Tasks

Chief approval team

The chief approver must be assigned to the Identity & Access Governance | Attestation | Chief approval team application role.

Users with this application role:

  • Approve using attestation cases.

  • Assign attestation cases to other attestors.

To add members to the chief approval team

  1. In the Manager, select the Attestation > Basic configuration data > Chief approval team category.

  2. Select the Assign employees task.

    In the Add assignments pane, assign the employees who are authorized to approve all attestations.

    TIP: In the Remove assignments pane, you can remove the assignment of employees.

    To remove an assignment

    • Select the employee and double-click .

  3. Save the changes.
Detailed information about this topic

Attestation policy owners

Default application roles for attestation policy owners are available in One Identity Manager. These owners have permission to edit attestation policies. For detailed information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 8: Default application roles for attestation policy owners

User

Tasks

Attestation policy owners

Owners of attestation policies must be assigned to a child application role of the Identity & Access Governance | Attestation | Attestation policy owners application role.

Users with this application role:

  • Are responsible for its content and handle the attestation policies assigned to it.

  • Assign the attestation procedure, approval policy, and calculation schedule.

  • Assign approvers, mitigating controls, and compliance frameworks.

  • Monitor attestation cases and attestation runs.

Direct owners

Direct owners are all employees assigned to an attestation policy as an Owner (UID_PersonOwner column). Members of this application role are determined through a dynamic role.

Owner role

This application role or child application role can be assigned to attestation policies as an Owner (application role) (UID_AERoleOwner column) This allows you to specify groups of employees as owners for attestation policies. Employees are added as members to application roles by direct assignment.

To add members to the owner role

  1. In Manager, select the Attestation > Basic configuration data > Attestation policy owners > Owner role category.

  2. Select the Assign employees task.

    In the Add Assignments pane, assign the employees who are allowed to edit an attestation policy.

    TIP: In the Remove assignments pane, you can remove the assignment of employees.

    To remove an assignment

    • Select the employee and double-click .

  3. Save the changes.

If you want to restrict owner permissions to individual attestation policies, create child application roles.

To specify an owner role for an attestation policy

  1. Log in to the Manager as an attestation administrator (Identity & Access Governance | Attestation | Administrators application role).

  2. Select the Attestation > Attestation policies category.

  3. Select the attestation policy in the result list.

  4. Select the Change main data task.

  5. In the Owner (application role) menu, select the owner role.

    - OR -

    Click next to the menu to create a new application role.

    1. Enter the application role name and assign the Identity & Access Governance | Attestation | Attestation policy owners | Owner role parent application role.

    2. Click OK to add the new application role.

  6. Save the changes.
  7. Assign employees to this application role who are permitted to edit the attestation policy.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating