Configuration parameter | Meaning |
---|---|
QER\Attestation | Preprocessor-relevant configuration parameter for controlling the model parts for attestation. Changes to the parameter require recompiling the database. If the parameter is enabled, you can use the attestation function. |
Managers or others responsible for compliance can use the One Identity Manager attestation function to certify correctness of access permissions, authorizations, requests or exception approvals either scheduled or on demand. "Recertification" is the term generally used to describe regular certification of permissions. The One Identity Manager uses the same workflows for recertification and attestation.
You define attestation policies in the One Identity Manager and use them to carry out attestations. Attestation policies specify which objects are attested when, how often and by whom. Once an attestation is performed, the One Identity Manager creates attestation cases, which contain all the necessary information about the attestation objects and the attestor responsible. The attestor checks the attestation objects, verifies the correctness of the data and initiates any changes that need to be made if the data conflicts with internal rules.
Attestation cases record the entire attestation sequence. Each attestation step in the attestation case can be reconstructed in an audit-proof manner. Attestations are run regularly using scheduled tasks. You can also trigger single attestations manually.
Attestation is complete when the attestation case has been granted or denied approval. You specify how to deal with granted or denied attestations on a company basis.
TIP: The One Identity Manager provides various default attestation procedures for different data situations. If you use these default attestation procedures, you can configure how you deal with denied attestations. For more information, see Default Attestation and Withdrawal of Entitlements.
To use attestation functionality
The following users are involved in attestation.
User | Task |
---|---|
Administrators for attestation cases | Administrators are assigned to the application role Identity & Access Governance \| Attestation \| Administrators. Users with this application role: |
One Identity Manager administrators | |
Attestors | Attestors in charge are determined through approval procedures. |
Compliance & Security Officer | Compliance and security officers must be assigned to the application role Identity & Access Governance \| Compliance & Security Officer. Users with this application role: |
Auditors | Auditors are assigned to the application role Identity & Access Governance \| Auditors. Users with this application role: |
Chief approval team | The chief approver must be assigned to the application role Identity & Access Governance \| Attestation \| Chief approval team. Users with this application role: |
The attestation framework and the objects to be attested are specified in the attestation policy. You require certain base data to define attestation policies.
Base data | More information |
---|---|
Attestation types | Attestation Types |
Approval policies | Approval Policies |
Approval workflows | Approval Workflows |
Approval procedures | Setting up Approval Procedures |
Attestation procedures | Attestation procedure |
Schedules | Schedules |
Compliance frameworks | Compliance Frameworks |
Mail templates | Creating Custom Mail Templates for Notifications |
Chief approval team | Chief approval team |
Standard reasons | Standard Reasons |
Attestation types are used to group attestation procedures. They make it easier to assign a matching attestation procedure to attestation policies.
To edit attestation types
– OR –
Click in the result list toolbar.