You can use One Identity Manager to evaluate the risk of attestation cases. To do this, enter a risk index for the attestation policy. The risk index specifies the risk involved for the company in connection with the data to be attested. The risk index is given as a number in the range 0 .. 1. By doing this you specify whether data to be attested is considered not to be a risk (risk index = 0) or whether every denied attestation poses a problem (risk index = 1).
The risk that attestations will be denied approval can be reduced by using the appropriate mitigating controls. Enter these controls as mitigating controls in One Identity Manager. You reduce the risk by the value entered as the significance reduction on the mitigating control. This value is used to calculate the reduced risk index for the attestation policy.
You can create several reports with the Report Editor to evaluate attestation cases depending on the risk index. For more information, see the One Identity Manager Configuration Guide.
Risk assessments can be carried out when the QER | CalculateRiskIndex configuration parameter is enabled. For more information, see the One Identity Manager Risk Assessment Administration Guide.
One Identity Manager provides default attestation policies for default attestation of new users and recertification of all employees stored in the One Identity Manager database. In addition to this, default attestation policies are provided through which various roles, memberships in roles, user accounts, and system entitlements mapped in the Unified Namespace can be attested.
To display default attestation policies
You can customize the following properties for default attestation policies:
- Approval policies (if several approval policies can be assigned)
- Owner
- Processing time
- Risk index
- Calculation schedule
- Deactivated
- Close obsolete tasks automatically
- Obsolete tasks limit
- Reason for decision
- Condition
- Approval by multi-factor authentication
NOTE: Attestation policies whose condition is stored as a definition (XML) can be edited in the Web Portal. The definition (XML) cannot be edited in the Manager. For more information, see the One Identity Manager Web Designer Web Portal User Guide.
You can see the most important information about an attestation policy on the overview form.
To obtain an overview of an attestation policy
- In the Manager, select the Attestation > Attestation policies category.
- Select the attestation policy in the result list.
- Select the Attestation policy overview task.