Chat now with support
Chat with Support

Identity Manager 9.1.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Phases of attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Certifying new roles and organizations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Deleting attestation policies

IMPORTANT: Do not delete attestation policies, for audit reasons.

Attestation policies may still be removed from the One Identity Manager database under specific conditions. Ensure that the attestation policy is archived when deleted.

For more information about data archiving, see the One Identity Manager Configuration Guide.

Prerequisite

  • The attestation policy is disabled.

To delete an attestation policy

  1. In the Manager, select the Attestation > Attestation policies > Disabled policies category.

  2. Select the attestation policy in the result list and run the Change main data task.

  3. Select Delete attestation policy task.

  4. Confirm the security prompt with Yes.

    The attestation policy is deleted. All associated attestation cases, approval workflows and the attestation history are deleted.

Related topics

Disabling attestation policies

Attestations are run when the schedule assigned to an attestation policy is enabled. You can disabled attestation policies to prevent attestation cases being created for individual attestation policies.

IMPORTANT: All associated attestation cases are deleted. To be able to trace the changes later, configure how the data is logged. For more information, see Deleting attestation cases and the One Identity Manager Configuration Guide.

TIP: Numerous default attestation policies are supplied with One Identity Manager. Check which of the default attestation policies are relevant for your data situation when you set up your database. Disable all unnecessary attestation policies.

To disable an attestation policy

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list and run the Change main data task.

  3. Set Disabled.

  4. Save the changes.
Related topics

Reports about attestations

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. You can generate the following reports for attestation policies.

Table 12: Reports about attestations
Report Description

Overview attestation run results

This report shows the results of an attestation run for the selected attestation policy.
Overview attestation run results including attestation history This report shows the results of an attestation run for the selected attestation policy including the attestation history.
Detailed status of an attestation run This report shows the detailed status of an attestation run including the estimated completion date.
Detailed status of an attestation run including approval history This report shows the detailed status of an attestation run including the estimated completion date and attestation history.

Sample attestation

Sample attestation provides a way to limit the set of attestation objects for an attestation. For example, this can be useful if attesting everyone in an audit would take too long. The sample data can either be generated automatically or compiled manually.

The One Identity Manager provides a standard sample that is used to attest memberships in system entitlements after organizational changes.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating