Chat now with support
Chat with Support

Identity Manager 8.0 - Attestation Administration Guide

Attestation and Recertification
One Identity Manager Users for Attestation Attestation Base Data Attestation Policies Creating Custom Mail Templates for Notifications
Approval Processes for Attestation Cases
Approval Policies Approval Workflows Selecting Attestors Setting up Multi-Factor Authentication for Attestation Prevent Attestation by Employee Awaiting Attestation Managing Attestation Cases
Attestation Sequence Default Attestation and Withdrawal of Entitlements User Attestation and Recertification Mitigating Controls Configuration Parameters for Attestation

The Compliance Framework Overview

The Compliance Framework Overview

You can see the most important information about a compliance framework on the overview form.

To obtain an overview of a compliance framework

  1. Select the category Attestation | Basic configuration data | Compliance frameworks.
  2. Select the compliance framework from the result list.
  3. Select Compliance framework overview in the task view.

Assigning Attestation Policies

Assigning Attestation Policies

Use this task to specify which attestation polices are encompassed by the selected compliance framework.

To assign attestation policies to a compliance framework

  1. Select the category Attestation | Basic configuration data | Compliance frameworks.
  2. Select the compliance framework from the result list.
  3. Select Assign attestation polices in the task view.
  4. Double-click on the attestation policies you want to assign in Add assignments.

    – OR –

    Double-click on the attestation policies you want to remove in Remove Assignment.

  5. Save the changes.

Chief Approval Team

Chief approval team

Sometimes, approval decisions cannot be made for attestation cases because the attestor is not available or does not have access to One Identity Manager tools. To complete the attestation case, however, you can define a chief approval team whose members are authorized to intervene in the approval process at any time.

There is a default application role in One Identity Manager for the chief approval team. Assign this application role to all employees who are authorized to approve, deny, abort attestations in special cases or to authorize other attestors. For more information about application roles, see One Identity Manager Application Roles Administration Guide.

Table 8: Default Application Role for Chief Approval Team
User Task

Chief approval team

The chief approver must be assigned to the application role Identity & Access Governance| Attestation | Chief approval team.

Users with this application role:

  • Approve using attestation cases.
  • Assign attestation cases to other attestors.

To add members to the chief approval team

  1. Select the category Attestation | Basic configuration data | Chief approval team.
  2. Select Assign employees in the task view.
  3. Assign employee authorized to approve attestations in Add assignments.

    - OR -

    Remove the assignments of employee to chief approval team in Remove assignments.

  4. Save the changes.
Detailed information about this topic

Standard Reasons

Standard Reasons

In the Web Portal, you can enter reasons, which provide explanations for individual approval decisions of the attestations. You can freely formulate this text. You also have the option to predefine reasons. The attestor selects the most suitable text from these standards reasons in the Web Portal and stores it with the attestation case.

Standard reasons are display in the attestation history.

To edit standard reasons

  1. Select the category Attestation | Basic configuration data | Standard reasons.
  2. Select a standard reason in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the master data for a standard reason.
  4. Save the changes.

Enter the following properties for the standard reason.

Table 9: General Master Data for a Standard Reason
Property Description
Standard reason Reason text as displayed in the Web Portal and in the attestation history.
Description Spare text box for additional explanation.
Automatic Approval Specifies whether the reason text is entered automatically by One Identity Manager into the attestation case.

Do not set this option if the you want to select the standard reason in the Web Portal.

Additional text required Specifies whether an additional reason should be entered in freely formatted text for the attestation.
Related Documents