Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager On Demand Hosted - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation policies Sample attestation Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Creating mitigating controls

To create a mitigating control for attestation policies

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select an attestation policy in the result list.

  3. Select the Assign mitigating controls task.

  4. Select Create mitigating controls task.

  5. Enter the main data of the mitigating control.

  6. Save the changes.
  7. Select the Assign attestation polices task.

  8. In the Add assignments pane, double-click the attestation policies you want to assign.

  9. Save the changes.
Detailed information about this topic

Running attestation for single objects

Use this task to start attestations independently from a schedule. If you run the task, a separate window is opened. Select the objects to be attested now from a list of all attestation objects. The selection is one-off.

The Close obsolete tasks automatically option is not taken into account for the selected attestation objects.

If a sample is assigned to the attestation policy, you can select individual objects from the sample data. The Remove items after attestation run option is not taken into account; the attestation data is not deleted after the attestation run.

To start attestation for the selected objects

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list. Select the Change main data task.

  3. Select the Run attestation cases for single objects... task.

    This opens a separate window.

  4. In the Attestation column, select every object for which attestation is to be run.

  5. Click Run.

    Attestation cases are generated for the selected attestation objects. As soon as DBQueue Processor has processed the task, you will see the newly created attestation cases in the navigation view under the Attestation runs > <attestation policy> > Attestation runs > <year> > <month> > <day> > Pending attestations menu item.

  6. Click Close.

Related topics

Showing or hiding conditions

The condition for finding attestation objects can be viewed and edited in the Where Clause Wizard. The SQL query for this condition can be displayed on the main data form.

To show the condition for finding attestation objects on the main data form

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list and run the Change main data task.

  3. Select the Show condition task.

    This displays the Condition field on the main data form. The condition is written like a database query WHERE clause. You can edit it directly.

To hide the condition for finding attestation objects

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list and run the Change main data task.

  3. Select the Hide condition task.

    The Condition field is no longer displayed on the main data form.

Copy attestation policies

You can make copies of attestation policies and use them to modify default attestation policies, for example.

To copy an attestation policy

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list.

  3. Select the Create copy task.

  4. Confirm the security prompt with Yes.

    The attestation policy copy is displayed on the main data form with the name Copy of <Name of original attestation policy>. You can edit this attestation policy.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating