The One Identity Manager uses the same method for recertification as for certification of new users. User recertification is triggered when:
Employees are attested through their managers. If an employee is not assigned a manager, the employee administrator assigns an initial manager for them. Employee administrators and managers use the Web Portal for attestation.
NOTE: Only employee administrators can ultimately deny recertification. If a manager denies recertification, the case is returned to the employee administrators for approval in any case.
Attestation is the same as described in Adding New Employees in the One Identity Manager, steps 4 to 7. The attestors are determined using the approval policy "Certification of users".
IMPORTANT: To customize the default attestation policy "Recertification of users", you must make changes to One Identity Manager objects. Always use a custom copy of the respective object to make changes.
All employees saved in the database are recertified using the attestation policy "Recertification of users" supplied in the One Identity Manager. It may be necessary to limit recertification of new users to a certain group of employees, for example, if only employees in specific departments should be attested. To do this, you can extend the condition attached to the attestation policy. Create a custom attestation policy for this.
The following objects must be changed so that recertification of users can be carried out with this attestation policy. Always create a copy of the respective object to do this.
IMPORTANT: In order for recertification to run correctly in the Web Portal, the default attestation procedure "Certification of users" and the default approval policy "Certification of users" must be assigned to the attestation policy. The default attestation procedure, the default approval policy and the default approval workflow "Certification of users" must not be changed.
To customize default recertification of users
Property | Value |
---|---|
Attestation procedure | "User certification" |
Approval policies | "User certification" |
Edit connection... | The default condition must be copied without modification so that the correct attestation object is selected. You can customize the condition to suit your requirements. |
Process property | Modification |
---|---|
Generating pre-script | Replace the UID of the attestation policy "Certification of new users" with the UID of the new attestation policy. |
Generating condition: |
Configuration parameter | Meaning when active |
---|---|
QER\CalculateRiskIndex | Preprocessor-relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database. If the parameter is set, values can be entered and calculated for the risk index. |
Violation of regulatory requirements can harbor different risks for companies. To evaluate these risks, you can apply risk indexes to compliance rules.
Mitigating controls are independent of One Identity Manager's functionality. They are not monitored through One Identity Manager.
Mitigating controls describe controls that are implemented if an attestation rule was violated. The attestation can be approved after the next attestation run, once controls have been applied.
For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.
To edit mitigating controls
- OR -
Click in the result list toolbar.
Enter the following master data for mitigating controls.
Property | Description |
---|---|
Measure | Unique identifier for the mitigating control. |
Significance reduction | When the mitigating control is implemented, this value is used to reduce the risk of denied attestation cases. Enter a number between 0 and 1. |
Description | Detailed description of the mitigating control. |
Functional area | Functional area in which the mitigating control may be applied. |
Department | Department in which the mitigating control may be applied. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED.