Chat now with support
Chat with Support

Identity Manager 9.1.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Phases of attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Certifying new roles and organizations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Configuring certification of new business roles

Attestation and certification of business roles with the New certification status can start when the following requirements are met.

To certify new business roles

  1. In the Designer, set the QER | Attestation | OrgApproval and QER | Attestation | OrgApproval | InitialApprovalState configuration parameters.

  2. The value of the InitialApprovalState configuration parameter to 1.

    All business roles added to the database from this point on are given the certification status New.

  3. In the Manager, edit the main data of the New business roles certification attestation policy.

    • Calculation schedule: Schedule for starting attestation.

    • Disabled: Disabled.

  4. In the Manager, assign at least one employee to the Identity Management | Business roles | Administrators application role.

  5. Save the changes.

Attestation and certification is started automatically for business role that were added with the Analyzer tool.

The Employees do not inherit option (Org.IsNoInheriteToPerson) is disabled by the VI_Attestation_AttestationCase_Org_Approval_Granted process.

Related topics

Configuring certification of new application roles

Attestation and certification of application roles with the New certification status can start when the following requirements are met.

To certify new application roles

  1. In the Designer, set the QER | Attestation | AERoleApproval and QER | Attestation | AERoleApproval | InitialApprovalState configuration parameters.

  2. The value of the InitialApprovalState configuration parameter to 1.

    All application roles added to the database from this point on are given the certification status New.

  3. In the Manager, edit the main data of the New application roles certification attestation policy.

    • Calculation schedule: Schedule for starting attestation.

    • Disabled: Disabled.

  4. In the Manager, assign at least one employee to the Base roles | Administrators application role.

  5. Save the changes.
Related topics

Mitigating controls

Violation of regulatory requirements can harbor different risks for companies. To evaluate these risks, you can apply risk indexes to attestation policies. These risk indexes provide information about the risk involved for the company if this particular policy is violated. Once the risks have been identified and evaluated, mitigating controls can be implemented.

Mitigating controls are independent on One Identity Manager’s functionality. They are not monitored through One Identity Manager.

Mitigating controls describe controls that are implemented if an attestation rule was violated. The attestation can be approved after the next attestation run, once controls have been applied.

To edit mitigating controls

  • In the Designer, set the QER | CalculateRiskIndex configuration parameter and compile the database.

If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

General main data of mitigating controls

To create or edit mitigating controls

  1. In the Manager, select the Risk index functions > Mitigating controls category.

  2. Select a mitigating control in the result list and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the mitigating control main data.

  4. Save the changes.

Enter the following main data of mitigating controls.

Table 65: General main data of a mitigating control

Property

Description

Measure

Unique identifier for the mitigating control.

Significance reduction

When the mitigating control is implemented, this value is used to reduce the risk of denied attestation cases. Enter a number between 0 and 1.

Description

Detailed description of the mitigating control.

Functional area

Functional area in which the mitigating control may be applied.

Department

Department in which the mitigating control may be applied.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating