Chat now with support
Chat with Support

Identity Manager 9.1.2 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Phases of attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Certifying new roles and organizations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Validity checking

Once you have edited an approval policy, you need to test it. This checks whether the approval steps can be used in the approval workflows in this combination. Non-valid approval steps are displayed in the error window.

To test an approval policy

  1. In the Manager, select the Attestation > Basic configuration data > Approval policies category.

  2. Select the approval policy in the result list.

  3. Select the Validity check task.

Approval workflow for attestations

You need to allocate an approval workflow to the approval policies in order to find the attestors. In an approval workflow, you specify the approval procedures, the number of attestors and a condition for selecting the attestors.

Use the workflow editor to create and edit approval workflows.

To edit an approval workflow

  1. In the Manager, select the Attestation > Basic configuration data > Approval workflows category.

  2. Select the approval workflow in the result list and run the Change main data task.

    - OR -

    Click in the result list.

    This opens the Workflow Editor.

  3. Edit the approval workflow main data.

  4. Save the changes.

Working with the workflow editor

Use the workflow editor to create and edit approval workflows. The workflow editor allows approval levels to be linked together. Multi-step approval processes are clearly displayed in a graphical form.

Figure 1: Workflow editor

Approval levels and approval steps belonging to the approval workflow are edited in the workflow editor using special control elements. The workflow editor contains a toolbox. The toolbox items are activated or deactivated depending on how they apply to the control. You can move the layout position of the control elements in the workflow editor with the mouse or these can be moved automatically.

Table 22: Entries in the toolbox

Control

Item

Meaning

Workflow

Edit

Edit the properties of the approval workflow.

Layout automatically

The workflow elements are aligned automatically. The workflow layout is recalculated.

Approval levels

Add

A new approval level is added to the workflow.

Edit

Edit the properties of the approval workflow.

Delete

Deletes the approval level.

Approval steps

Add

Add a new approval step to the approval level.

Edit

Edit the properties of the approval step.

Delete

Deletes the approval step.

Assignments

Remove positive

The Approved connector for the selected approval level is deleted.

Remove negative

The Deny connector for the selected approval level is deleted.

Remove reroute

The Reroute connector for the selected approval level is deleted.

Remove escalation

The Escalate connector for the selected approval level is deleted.

Each of the controls has a properties window for editing the data of the approval workflow, level, or step. To open the properties window, select the Toolbox > < Control> > Edit item.

To delete a control, select the element and then the Toolbox > <Control> > Delete item.

Individual elements are linked to each other with a connector. Activate the connection points with the mouse. The cursor changes into an arrow icon for this. Hold down the left mouse button and pull a connector from one connection point to the next.

Figure 2: Approval workflow connectors

Table 23: Approval workflow connectors
Connector Meaning

Approve

Link to next approval level if the current approval level was granted approval.

Deny

Link to next approval level if the current approval level was not granted approval.

Reroute

Link to other approval levels to bypass the current approval.

Escalation

Connection to another approval level when the current approval level is escalated after timing out.

By default, a connection between workflow elements and level elements is created immediately when a new element is added. If you want to change the level hierarchy, drag a new connector to another level element.

Alternatively, you can release connectors between level elements using the Toolbox > Assignments items. To do this, mark the level element where the connector starts. Then add a new connector.

Different icons are displayed on the level elements depending on the configuration of the approval steps.

Table 24: Icons on the level elements
Icon Meaning

The approval decision is made by the system.

The approval decision is made manually.

The approval step contains a reminder function.

The approval step contains a timeout.

Changes to individual elements in the workflow do not take place until the entire approval workflow is saved. The layout position in the workflow editor is saved in addition to the approval policies.

Setting up approval workflows

An approval workflow consists of one or more approval levels. An approval level can contain one approval step or several parallel approval steps. Within the attestation procedure, all of the approval steps for one approval level must be run before the next approval level is called. Use connectors to set up the sequence of approval levels in the approval workflow.

When you add a new approval workflow, the first thing to be created is a new workflow element.

To edit approval level properties

  1. Open the Workflow Editor.

  2. Select the Toolbox > Workflow > Edit item.

  3. Edit the workflow properties.

  4. Click OK.
Table 25: Approval workflow properties

Property

Meaning

Name

Approval workflow name.

System halt (days)

Number of days to elapse after which the approval workflow, and therefore the system, automatically halts the entire attestation procedure.

Description

Text field for additional explanation.
Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating