Predefined Standard Reasons
One Identity Manager provides predefined standard reasons. These standard reasons are entered into the
To display predefined standard reasons
- Select the category Attestation | Basic configuration data | Standard reasons | Predefined.
Attestation Policies
Attestation Policies
Attestation policies specify the concrete conditions for attestation. Use the master data form to enter the attestation procedure, approval policy and the schedule. You can use a WHERE clause to limit the attestation objects.
To edit attestation polices
- Select the category Attestation | Attestation policies.
- Select an attestation policy in the result list. Select Change master data in the task view.
- OR -
Click
in the result list toolbar.
- Edit the master data for the attestation policy.
- Save the changes.
General Master Data for Attestation Policies
General Master Data for Attestation Policies
|
Configuration parameter |
Meaning |
|---|---|
|
QER\Attestation\AllowAllReportTypes |
This configuration parameter specifies whether all report formats are permitted for attestation policies. By default, only PDF is allowed because it is the only audit secure format. |
|
QER\CalculateRiskIndex |
Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database. If the parameter is set, values can be entered and calculated for the risk index. |
Enter the following data for attestation policies.
|
Property |
Description | ||||||
|---|---|---|---|---|---|---|---|
|
Attestation policy |
Name of the attestation policy. | ||||||
|
Attestation procedure |
Attestation procedure used for attesting. Attestation procedures are displayed in a menu grouped by attestation type. | ||||||
|
Approval policies |
Approval policy for determining the attestor for the attestation objects. | ||||||
|
Owner |
Creator of the attestation policy. The name of the user logged into One Identity Manager is entered here by default. This can be changed. | ||||||
|
Time required (days) |
Number of day within which a decision must be made over the attestation. Enter "0" if you do not want to be specific. The One Identity Manager does not stipulate which action are carried out if processing times out. Define your own custom actions or evaluations to deal with this situation. | ||||||
|
Description |
Spare text box for additional explanation. | ||||||
|
Risk index |
Specifies the risk for the company if attestation for this attestation policy is denied. Use the slider to enter a value between 0 and 1. 0 ... no risk 1 ... the denied attestation is a problem This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. | ||||||
|
Risk index (reduced) |
Show the risk index taking mitigating controls into account. The risk index for an attestation policy is reduced by the Significance reduction value for all assigned mitigating controls. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. The value is calculated by the One Identity Manager and cannot be edited. | ||||||
|
Calculation schedule |
Schedule for running attestation. Attestation cases are started automatically at the times specified by the schedule. | ||||||
|
Disabled |
Specifies whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Disabled attestation policies can be deleted under certain circumstances. Under certain circumstances, closed attestation cases are deleted the moment the attestation polices is disabled. | ||||||
|
Close obsolete tasks automatically |
Specifies whether pending attestation cases are aborted if new ones are added. If attestation is started and this option is set, first, all pending attestation cases for this attestation policy are canceled. Then, new attestation cases are created according to the condition. | ||||||
|
Obsolete tasks limit |
Specifies the maximum number of closed attestation cases that should remain in the database when closed attestation cases are deleted.
| ||||||
|
Reason for decision |
Reason which is given if the option Close obsolete tasks is set and pending attestation cases are automatically closed. | ||||||
|
Output format |
Format in which the report is generated. This menu is only visible if the configuration parameter "QER\Attestation\AllowAllReportTypes" is set. If the configuration parameter is not set, the default PDF format is used because it is the only format that is version compatible. | ||||||
|
Edit connection... |
Starts the WHERE clause wizard. Use this wizard to create a condition to determine the attestation objects from the database table specified in the attestation procedure. | ||||||
|
Condition |
Data query for finding attestation objects. This option is only available if the task Show condition has been run beforehand. | ||||||
|
Attestation with multi-factor authentication |
Attestation of this attestation policy requires multi-factor authentication. |
|
|
NOTE: You can only edit attestation policies in the Web Portal, which were created in the Web Portal. You will see a corresponding message on the master data form as to whether the attestation policy as created in the Web Portal. If you want to edit attestation policies like this, create a copy in the Manager. For more detailed information about editing attestation policies in the Web Portal, see the One Identity Manager Web Portal User Guide. |
Detailed information about this topic
- Showing and Hiding Conditions
- Schedules
- Disabling Attestation Policies
- Mitigating Controls
- Setting up Multi-Factor Authentication for Attestation
- Creating a Copy
Related Topics
Risk Assessment
Risk Assessment
| Configuration parameter | Active Meaning |
|---|---|
| QER\CalculateRiskIndex | Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database.
If the parameter is set, values can be entered and calculated for the risk index. |
You can use the One Identity Manager to evaluate the risk of attestation cases. To do this, enter a risk index for the attestation policy. The risk index specifies the risk involved for the company in connection with the data to be attested. The risk index is given as a number in the range 0-1. By doing this you specify whether data to be attested is considered not to be a risk (risk index = 0) or whether every denied attestation poses a problem (risk index = 1).
The risk that attestations will be denied approval can be reduced by using the appropriate mitigating controls. Enter these controls as mitigating controls in the One Identity Manager. You reduce the risk by the value entered as the significance reduction on the mitigating control. This value is used to calculate the reduced risk index for the attestation policy.
You can create several reports with the Report Editor to evaluate attestation cases depending on the risk index.
Detailed information about this topic
- Mitigating Controls
- One Identity Manager Risk Assessment Administration Guide
- Report Editor in the One Identity Manager Configuration Guide