Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 9.0 LTS - Attestation Administration Guide

Table of Contents

Attestation and recertification

One Identity Manager users for attestation Attestation base data Attestation types

Default attestation types Additional tasks for attestation types

Overview of the attestation type Assigning attestation procedures

Attestation procedure

General main data of an attestation procedure Templates for attestation procedures Providing information about attestation objects

Defining reports for attestation Defining snapshot content

Default attestation procedures Additional tasks for attestation procedures

Overview of the attestation procedure Assigning approval policies Creating a copy

Attestation schedules

Default schedules Additional tasks for schedules

Schedule overview Assigning attestation policies Starting schedules immediately

Compliance frameworks

Additional tasks for compliance frameworks

Compliance framework overview Assigning attestation policies

Chief approval team Attestation policy owners Standard reasons for attestation

Predefined standard reasons for attestations

Attestation policies

General main data of attestation policies Specifying risk indexes for attestation guidelines Default attestation policies Additional tasks for attestation policies

The attestation policy overview Assigning approvers to attestation policies Assigning compliance frameworks to attestation policies Mitigating controls

Assigning mitigating controls Creating mitigating controls

Running attestation for single objects Showing or hiding conditions Copy attestation policies Showing selected objects Deleting attestation policies

Disabling attestation policies Reports about attestations

Sample attestation

Creating, editing, deleting samples General main data of samples Managing sample data Generating sample data automatically Using samples with attestation policies Displaying the sample overview Default sample for attesting memberships in system entitlements

Grouping attestation policies

Creating and editing policy collections General main data of policy collections Assigning policy collections to attestation policies Disabling policy collections Deleting policy collections

Custom mail templates for notifications

Creating and editing attestation mail templates General properties of a mail template Creating and editing a mail definition

Using base object properties Use of hyperlinks in the Web Portal

Default functions for creating hyperlinks

Customizing email signatures

Copying mail templates for attestation Displaying attestation mail templates previews Deleting mail templates for attestation Custom notification processes

Suspending attestation

Approval processes for attestation cases

Approval policies for attestations

General main data of approval policies Default approval policies Additional tasks for approval policies

Editing approval workflows Validity checking

Approval workflow for attestations

Working with the workflow editor Setting up approval workflows

Editing approval levels Editing approval steps Properties of an approval step Connecting approval levels

Additional tasks for approval workflows

The approval workflow overview Copying approval workflows

Deleting approval workflows Default approval workflows

Selecting attestors

Default approval procedures

Using attestation policies to find attestors Using roles of employees to be attested to find attestors Using attestation objects to find attestors Determining attestors using the attestation objects' service item Using attestation object managers to find attestors Using persons responsible for attestation objects to find attestors Using a specified role to find attestors Using product owners to find attestors Using owners of a privileged object to find attestors Using additional Active Directory group owners to find attestors Using owners of the attestation objects to find attestors Using employees assigned to user accounts to find attestors Determining attested employee as attestor Calculated approval Approvals to be made externally Waiting for further approval

Setting up approval procedures

General main data of an approval procedure Queries for finding attestors

Additional tasks for approval procedures

Overview of the approval procedure Specifying permitted approval procedures for tables Copying an approval procedure

Deleting approval procedures Determining the responsible attestors

Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis

Configuring peer group analysis for attestations

Managing attestation cases

Getting more information Appointing other attestors Escalating an attestation case Attestors cannot be established Automatic approval on timeout Halting an attestation case on timeout Attesting by chief approval team

Attestation sequence

Starting attestation Additional tasks for attestation cases

Attestation case overview Approval sequence Attestation history Reports about attestation cases

Modifying approval workflows for pending attestation cases Closing attestation cases for deactivated employees Deleting attestation cases Notifications in the attestation process

Requesting attestation Reminding attestors Scheduling attestation requests Reminding attestors about attestation objects Granting or denying attestation cases Notifying delegates Canceling attestation cases Escalation of attestation cases Delegating attestations Rejecting approvals Notifications with questions Notifications from additional attestors Link for verifying new external users Default mail templates

Attestation by mail

Processing attestation mails

Adaptive cards attestation

Using adaptive cards for attestations Adding and deleting recipients and channels Creating, editing, and deleting adaptive cards for attestations Creating, editing, and deleting adaptive cards templates for attestations General main data for adaptive cards Deploying and evaluating adaptive cards for attestations Disabling adaptive cards

Default attestation and withdrawal of entitlements

Attesting system entitlements System role attestation Application role attestation Business role attestation

User attestation and recertification

One Identity Manager users for attesting and recertifying users Configuring user attestation and recertification Attesting new users

Self-registration of new users in the Web Portal Adding new employees using a manager or employee administrator Importing new employee main data Scheduled attestation Limiting attestation objects for certification

Recertifying existing users

Preparing for recertification The recertification sequence Limiting attestation objects for recertification

Mitigating controls

General main data of mitigating controls Additional tasks for mitigating controls

Mitigating controls overview Assigning attestation policies

Calculating mitigation

Setting up attestation in a separate database

Requirements for the central database Setting up work databases Setting up synchronization between central and work databases Setting up and running attestations in the work database

Configuration parameters for attestation

Creating and editing policy collections

To run different attestations together, create a policy collection and assign it to all the attestation policies that you want to start collectively.

To delete a policy collection

In the Manager, select the Attestation > Policy collections category.
Click in the result list.
Edit the main data of the policy collection.
Save the changes.

To edit a policy collection

In the Manager, select the Attestation > Policy collections category.
In the result list, select the policy collection and run the Change main data task.
Edit the main data of the policy collection.
Save the changes.

Detailed information about this topic

General main data of policy collections

Enter the following main data for a policy collection.

Table 14: General main data of a policy collection
Property	Description
Policy collection	Name of the policy collection.
Description	Text field for additional explanation.
Owners	The policy collection owner. The name of the user logged in to One Identity Manager is entered here by default. This can be changed.
Owner (Application Role)	Application role whose members can edit the policy collection. To create a new application role, click . Enter the application role name and assign a parent application role.
Sample	Sample that can be used for attestations. A sample can only be assigned to only one policy collection. It is transferred to all related attestation policies. To create a new sample, click . Enter the name of the sample and assign the table from which to take the data for the sample.
Calculation schedule	Schedule for running attestation. Attestation cases are started automatically at the times specified by the schedule.
Disabled	Specifies whether the policy collection is disabled. If the option is enabled, all associated attestation policies are disabled. Thus, no attestations are carried out on the policy collection.

Related topics

Grouping attestation policies

Assigning policy collections to attestation policies

To group attestation policies together, assign a policy collection to the attestation policies. An attestation policy can be assigned to only one policy collection.

To assign a policy collection to an attestation policy

In the Manager, select the Attestation > Attestation policies category.
Select the attestation policy in the result list and run the Change main data task.
Select the policy collection from the Policy collection menu.
Save the changes.

Related topics

Disabling policy collections

To prevent attestations being run for a policy collection, you can disable the policy collection. This also disables all associated attestation policies and deletes their attestation cases.

To disable a policy collection

In the Manager, select the Attestation > Policy collections category.
In the result list, select the policy collection and run the Change main data task.
Set Disabled.
Save the changes.

Detailed information about this topic

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center