Attestation Procedures
Attestation procedure
Attestation procedures specify the attestation base object. They define which attestation object properties are to be attested. Attestation object data can be provided in list or report form.
To edit an attestation procedure
- Select the category Attestation | Basic configuration data | Attestation procedures.
- Select an attestation procedure in the result list. Select Change master data in the task view.
- OR -
Click
in the result list toolbar.
- Edit the attestation procedure master data.
- Save the changes.
General Master Data for an Approval Procedure
General Master Data for an Attestation Procedure
Enter the following properties for an attestation procedure.
| Property | Description |
|---|---|
| Attestation procedure | Any name for the attestation procedure. |
| Attestation type | Criteria for grouping attestation procedures. Attestation types make it easier to assign a matching attestation procedure to the attestation policies. |
| Description | Spare text box for additional explanation. |
| Report |
Report for the attestor containing all the necessary information about the attestation objects. Predefined reports are supplied in a menu. If you do not want to assign a report, you can specify additional information about the attestation objects in the boxes Property 1-4 (template). |
| Table |
Database table in which the attestation objects are to be found (= attestation base object). All tables, which fulfill the following conditions, are available:
|
| Preprocessor condition | Specifies the preprocessor configuration parameters on which the attestation procedure depends. Attestation procedures, which are disabled through a preprocessor condition, are not displayed in the One Identity Manager. |
| Grouping column 1-3 (template) |
A value template for formatting the value used to group and filter pending attestation cases in the Web Portal. Enter a value template in $ notation. The template can access properties of base objects and objects accessible through foreign key relations. |
| Grouping column 1-3 | Column headers for the columns Grouping column 1-3 (template). The columns are multi-language. To enter a translation, click  . |
| Property 1-4 (template) |
Templates for formulating a value that supplies additional information about the attestation object. Use these fields to show additional information about the attestation object in the Web Portal. Enter a value template in $ notation. The template can access properties of base objects and objects accessible through foreign key relations. |
| Property 1-4 | Column headers for the columns Property 1-4 (template). The columns are multi-language. To enter a translation, click . |
| Risk index template |
Template for formulating the value for the attestation case’s risk index. Enter a value template in $ notation. The template can access properties of base objects and objects accessible through foreign key relations. |
| Related object 1-3 (template) |
Template for formulating an object key for an object related to the attestation base object. Enter a value template in $ notation. The template can access properties of base objects and objects accessible through foreign key relations. Define the display value for this object in Grouping column 1-3 (template). |
Example
Attesting Active Directory group memberships. Group the attestation cases by user account display value, Active Directory group display value and the display value of associated employees. The Web Portal group's canonical name should be displayed with every group membership in the Active Directory. The attestation case's risk index can be determined from the group membership's risk index. The object key for the object relation can be found from the Active Directory user account. The information required about the attestation objects will be summarized in a report. To do this, enter the following data on the master data form.
| Property | Value |
|---|---|
| Table | Database table ADSAccountInADSGroupTotal |
| Report | <report name> |
| Grouping column 1 |
$UID_ADSAccount[d]$ |
| Grouping column 2 |
$UID_ADSGroup[d]$ |
| Grouping column 3 |
$FK(UID_ADSAccount).UID_Person[d]$ |
| Property 1 (template) |
$FK(UID_ADSGroup).CanonicalName$ |
| Risk index template |
$RiskIndexCalculated$ |
| Object relation 1 |
$FK(UID_ADSAccount).XObjectKey$ |
Detailed information about this topic
- Attestation Types
- Defining Reports for Attestation
- One Identity Manager Configuration Guide
Defining Reports for Attestation
Defining Reports for Attestation
Define attestation reports with the Report Editor. Note the following when you define a report for attestation:
- The base table for the report must be identical to the one for the attestation procedure.
- Enter "Attestation" to filter the report. This ensures that the report is displayed in the Report menu of the attestation procedure.
- Define a parameter "ObjectKeyBase" for the attestation object so that the exact information for the affected attestation object is reported for each attestation object. Use the parameters in the data source definition for the report in Condition text box.
Example: XObjectKey = @ObjectKeyBase
Default reports
The One Identity Manager supplies some default reports for attestation. These are used in the default attestation procedures, amongst others. Default report are given the prefix "VI_".
|
|
IMPORTANT: Changes to standard reports can lead to attestation errors. Do not change default reports. |
Default Attestation Procedures
Default Attestation Procedures
The One Identity Manager provides a default approval procedure for default attestation of new users and recertification of all employees stored in the One Identity Manager database. Moreover, default approval procedures are supplied through which the different roles, user accounts and system entitlements mapped in the united namespace, can be attested. Using these default approval policies you can create attestation procedures easily in the Web Portal.
To display default attestation procedures
- Select the category Attestation | Basic configuration data | Attestation procedures | Predefined.
For more detailed information about using default attestation procedures, see the One Identity Manager Web Portal User Guide.