Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Using adaptive cards for attestations

Attestators must be registered as recipients in Starling Cloud Assistant to be able to make approval decisions about attestation cases. Each recipient must be allocated to a channel that will be used to post the adaptive card. One Identity Manager provides adaptive cards for requesting attestation in German and English. These can be customized if necessary.

By default, an approval decision must be made within 1 day. If this deadline is exceeded, the Web Portal must be used to approve the attestation case. You can configure the deadline.

To use adaptive cards for attestations

  1. In the Designer, set the QER | Person | Starling | UseApprovalAnywhere configuration parameter.

  2. Ensure that a default email address is stored in One Identity Manager for each employee that will use adaptive cards. This address must correspond to the email address that the employee uses to log in to Microsoft Teams or Slack.

    For detailed information about the default email address, see the One Identity Manager Identity Management Base Module Administration Guide.

  3. Ensure that a language can be identified for each employee that will use adaptive cards. This allows attestors to obtain adaptive cards in their own language.

    For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

  4. In the Designer, disable the QER | Attestation | MailTemplateIdents | RequestApproverByCollection configuration parameter.

    - OR -

    Enable the Always send notification of pending attestations attestation policy. This allows adaptive cards to also be sent for certain attestation policies if the scheduled request for attestation by email notification is configured.

  5. On the Mail template tab, assign a Mail template request the approval steps.

  6. Register all the employees, who are going to use adaptive cards for attesting, as recipients in Starling Cloud Assistant and assign them to the channel to use.

  7. Install the Starling Cloud Assistant app that matches the channel.

    Every registered employee must install this app.

    For more information, see the One Identity Starling Cloud Assistant User Guide under https://support.oneidentity.com/starling-cloud-assistant/hosted/technical-documents.

  8. (Optional) Change the timeout for adaptive cards.

    • In the Designer, set the QER | Person | Starling | UseApprovalAnywhere | SecondsToExpire configuration parameter and adjust the value. Enter a timeout in seconds.

  9. (Optional) Provide a country-specific template for adaptive cards or make adjust the adaptive cards settings.

    If a language cannot be identified or there is no suitable template for the language found, en-US is used as fallback.

Detailed information about this topic

Adding and deleting recipients and channels

Attestors can be registered in Starling Cloud Assistant as recipients through an IT Shop request and allocated to a channel. By default, the requests are approved immediately by self-service. Then the recipients are registered and the requested channel is assigned to them. Once the attestor has installed the Starling Cloud Assistant app, they can use adaptive cards to attest.

To add a recipient in Starling Cloud Assistant

  • In the Web Portal, request the New Starling Cloud Assistant recipient product.

To allocate Microsoft Teams as a channel in Starling Cloud Assistant

  1. In the Web Portal, request the Teams channel for Starling Cloud Assistant recipient product.

  2. Install the Starling Cloud Assistant app for Microsoft Teams.

    For more information, see the One Identity Starling Cloud Assistant User Guide under https://support.oneidentity.com/starling-cloud-assistant/hosted/technical-documents.

To allocate Slack as a channel in Starling Cloud Assistant

  1. In the Web Portal, request the Slack channel for Starling Cloud Assistant recipient product.

  2. Install the Starling Cloud Assistant app for Slack.

    For more information, see the One Identity Starling Cloud Assistant User Guide under https://support.oneidentity.com/starling-cloud-assistant/hosted/technical-documents.

To delete a recipient in Starling Cloud Assistant

  • Cancel the New Starling Cloud Assistant recipient product.

To remove a channel

  • Cancel the respective product.

For more information about requesting and unsubscribing products, see the One Identity Manager Web Portal User Guide.

Related topics

Creating, editing, and deleting adaptive cards for attestations

One Identity Manager provides adaptive cards for requesting attestation in German and English. These can be displayed in the Manager. You can create your own templates for adaptive cards, for example to make changes to the content or to provide adaptive cards in other languages. The recipient's language preferences are taken into account when an adaptive card is generated. If a language cannot be identified or there is no suitable template for the language found, en-US is used as fallback.

To use your own adaptive cards for attestations, configure the ATT_AttestationHelper approve anywhere process accordingly.

To display an adaptive card

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Select the Change main data task.

  4. In the Adaptive card templates menu, select a template.

    This displays the adaptive card's definition in the Template field.

    • To display the entire JSON code, click .

To create an adaptive card.

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. Click in the result list.

  3. Edit the adaptive card's main data.

  4. Create a new template for adaptive cards.

  5. Save the changes.

  6. Create additional language-specific templates for this adaptive card as required and save the changes.

To use your customized adaptive card

  1. In the Designer, edit the ATT_AttestationHelper approve anywhere process.

    1. Select the Send Adaptive Card to Starling Cloud Assistant process step.

    2. Edit the value of the ParameterValue2 parameter and replace the name and UID with the values of your customized adaptive card.

  2. Save the changes.

To delete an adaptive card.

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Click in the result list.

    This deletes the adaptive card and all the templates belonging to it.

Related topics

Creating, editing, and deleting adaptive cards templates for attestations

To use your own adaptive cards or to provide adaptive cards in other languages, create your own adaptive card's templates.

To create an adaptive card template

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Edit the adaptive card's main data.

  4. Next to the Adaptive card templates menu, click .

  5. In the Language menu, select a language for the adaptive card.

    All active languages are shown. To use another language, in the Designer, enable the corresponding countries. For more information, see the One Identity Manager Configuration Guide.

  6. In the Template field, write a definition for the adaptive card.

    • To display the entire JSON code, click .

    You can use the Adaptive Card Designer from Microsoft or the Visual Studio Code Plugin to help.

  7. Save the changes.

  8. In the Designer, check the ATT_CloudAssistant_ApprovalAnywhere script and modify it to suit your requirements.

To edit an adaptive card template

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. In the result list, select the adaptive card whose template you want to edit.

  3. Select the Change main data task.

  4. In the Adaptive card templates menu, select a template.

  5. In the Template field, edit the adaptive card definition.

    • To edit the entire JSON code, click .

  6. Save the changes.

To delete an adaptive card template

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. In the result list, select the adaptive card whose template you want to delete.

  3. Edit the adaptive card's main data.

  4. In the Adaptive card templates menu, select the template.

  5. Click next to the menu.

  6. Save the changes.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating