Chat now with support
Chat with Support

Identity Manager 8.2.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation policies Sample attestation Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Approval workflow for attestations

You need to allocate an approval workflow to the approval policies in order to find the attestors. In an approval workflow, you specify the approval procedures, the number of attestors and a condition for selecting the attestors.

Use the workflow editor to create and edit approval workflows.

To edit an approval workflow

  1. In the Manager, select the Attestation > Basic configuration data > Approval workflows category.

  2. Select the approval workflow in the result list and run the Change main data task.

    - OR -

    Click in the result list.

    This opens the Workflow Editor.

  3. Edit the approval workflow main data.

  4. Save the changes.

Working with the workflow editor

Use the workflow editor to create and edit approval workflows. The workflow editor allows approval levels to be linked together. Multi-step approval processes are clearly displayed in a graphical form.

Figure 1: Workflow editor

Approval levels and approval steps belonging to the approval workflow are edited in the workflow editor using special control elements. The workflow editor contains a toolbox. The toolbox items are activated or deactivated depending on how they apply to the control. You can move the layout position of the control elements in the workflow editor with the mouse or these can be moved automatically.

Table 20: Entries in the toolbox

Control

Item

Meaning

Workflow

Edit

Edit the properties of the approval workflow.

Layout automatically

The workflow elements are aligned automatically. The workflow layout is recalculated.

Approval levels

Add

A new approval level is added to the workflow.

Edit

Edit the properties of the approval workflow.

Delete

Deletes the approval level.

Approval steps

Add

Add a new approval step to the approval level.

Edit

Edit the properties of the approval step.

Delete

Deletes the approval step.

Assignments

Remove positive

The Approved connector for the selected approval level is deleted.

Remove negative

The Deny connector for the selected approval level is deleted.

Remove reroute

The Reroute connector for the selected approval level is deleted.

Remove escalation

The Escalate connector for the selected approval level is deleted.

Each of the controls has a properties window for editing the data of the approval workflow, level, or step. To open the properties window, select the Toolbox > < Control> > Edit item.

To delete a control, select the element and then the Toolbox > <Control> > Delete item.

Individual elements are linked to each other with a connector. Activate the connection points with the mouse. The cursor changes into an arrow icon for this. Hold down the left mouse button and pull a connector from one connection point to the next.

Figure 2: Approval workflow connectors

Table 21: Approval workflow connectors
Connector Meaning

Approve

Link to next approval level if the current approval level was granted approval.

Deny

Link to next approval level if the current approval level was not granted approval.

Reroute

Link to other approval levels to bypass the current approval.

Escalation

Connection to another approval level when the current approval level is escalated after timing out.

By default, a connection between workflow elements and level elements is created immediately when a new element is added. If you want to change the level hierarchy, drag a new connector to another level element.

Alternatively, you can release connectors between level elements using the Toolbox > Assignments items. To do this, mark the level element where the connector starts. Then add a new connector.

Different icons are displayed on the level elements depending on the configuration of the approval steps.

Table 22: Icons on the level elements
Icon Meaning

The approval decision is made by the system.

The approval decision is made manually.

The approval step contains a reminder function.

The approval step contains a timeout.

Changes to individual elements in the workflow do not take place until the entire approval workflow is saved. The layout position in the workflow editor is saved in addition to the approval policies.

Setting up approval workflows

An approval workflow consists of one or more approval levels. An approval level can contain one approval step or several parallel approval steps. Within the attestation process, all of the approval steps for one approval level must be run before the next approval level is called. Use connectors to set up the sequence of approval levels in the approval workflow.

When you add a new approval workflow, the first thing to be created is a new workflow element.

To edit approval level properties

  1. Open the Workflow Editor.

  2. Select the Toolbox > Workflow > Edit item.

  3. Edit the workflow properties.

  4. Click OK.
Table 23: Approval workflow properties

Property

Meaning

Name

Approval workflow name.

System halt (days)

Number of days to elapse after which the approval workflow, and therefore the system, automatically halts the entire attestation procedure.

Description

 Text field for additional explanation.
Detailed information about this topic

Editing approval levels

An approval level provides a method of grouping individual approval steps. All the approval steps in one approval level are run in parallel. All the approval steps for different approval levels are run one after the other. You use the connectors to specify the order.

Specify the individual approval steps in the approval levels. At least one approval step is required per level. Enter the approval steps first before you add an approval level.

To add an approval level

  1. Select the Toolbox > Approval levels > Add item.

    This opens the properties dialog for the first approval step.

  2. Enter the approval step properties.

  3. Save the changes.

You can edit the properties of an approval level as soon as you have added an approval level with at least one approval step.

To edit approval level properties

  1. Select the approval level.

  2. Select the Toolbox > Approval levels > Edit item.

  3. Enter a display name for the approval level.

  4. Save the changes.
NOTE: You can define more than one approval step for each approval level. In this case, the attestors of an approval level can make a decision about an attestation case in parallel rather than sequentially. The attestation case cannot be presented to the attestors at the next approval level until all approval steps in one approval level have been completed in the attestation procedure.

To add more approval steps to an approval level

  1. Select the approval level.

  2. Select the Toolbox > Approval steps > Add item.

  3. Enter the approval step properties.

  4. Save the changes.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating