Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Notifying delegates

If required, a delegator can receive notifications if the deputy or recipient of the single delegation has made an approval decision in an attestation case. A notification is sent once an employee has been determined as an attestor due to delegation and has made an approval decision for the attestation case.

To send a notification when the employee who was delegated an approval approves or denies the attestation.

  • In the Designer, set the QER | ITShop | Delegation | MailTemplateIdents | InformDelegatorAboutDecisionAttestation configuration parameter.

    By default, a notification is sent with the Delegation - inform delegator about decided attestation mail template.

TIP: To use custom mail templates for emails of this type, change the value of the configuration parameter.

Delegations are taken into account in the following default approval procedures.

Table 39: Delegation relevant default approval procedures

Delegation of

Approval procedure

Department responsibilities

DM, ED

Cost center responsibilities

PM

Location responsibilities

LM

Business role responsibilities

MO, OM, RM, RR

Employee responsibilities

CM, EM

Memberships in business roles

OR

Memberships in application roles

AA, AD, AL, AN, AO, AP, AR, AS, AT, AY, EN, EO, OA, SO

Example

Jan User3 is responsible for the R1 business role. They delegate their responsibility for the business role to Jo User1. Jo User1 is themselves responsible for R2 business role.

A member of R1 business role is to be attested. Jan User3 is established as an attestor through the OM - Manager of a specific role approval process. The attestation case is assigned to Jo User1 for approval through delegation. Jan User3 is notified as soon as Jo User1 has made their approval decision about the attestation case.

A member of R2 business role is to be attested. Jo User1 is established as an attestor through the OM - Manager of a specific role approval process. No notification is sent because Jo User1 does not make the approval decision due to delegation.

For more information about delegating responsibilities, see the One Identity Manager IT Shop Administration Guide.

Related topics

Canceling attestation cases

Email notifications can be sent to other employees when an attestation case is canceled. You can specify the recipient of the notification as required by the company.

To set up the notification procedure

  1. Create custom mail templates for sending notification if attestation cases have been canceled.

  2. Create company-specific processes for notifications.

  3. Enter the following data for the approval policy:

    Mail template stopped: Mail template to be used for email notifications when an attestation case is canceled.

Detailed information about this topic

Escalation of attestation cases

Email notifications can be sent to the attestation policy's owner when an attestation case is escalated.

To set up the notification procedure

  1. On the Mail templates tab of the approval step, enter the following data:

    Mail template escalation: Attestation - Escalation

  2. Assign an owner to the attestation policies.

Related topics

Delegating attestations

If, in an approval step, other attestors can be authorized to make the approval decision, the additional attestors can be prompted to approve by email. The same applies if the attestation can be delegated.

To set up the notification procedure

  • On the Mail templates tab of the approval step, enter the following data:

    Mail template delegation: Attestation - Delegated/additional approval

    TIP: To enable approval by email, select the Attestation - delegated/additional approval (by email) mail template.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating