One Identity Manager provides predefined standard reasons. These standard reasons are entered in the attestation case when One Identity Manager approves automatically.
To display predefined standard reasons
Attestation policies specify the concrete conditions for attestation. Use the master data form to enter the attestation procedure, approval policy and the schedule. You can use a WHERE clause to limit the attestation objects.
To edit attestation policies
- In the Manager, select the Attestation | Attestation policies category.
- Select an attestation policy in the result list and run the Change master data task.
  - OR -
  Click in the result list.
- Edit the master data for the attestation policy.
- Save the changes.
Enter the following data for attestation policies.
Table 9: General master data for attestation policies
| Property | Description |
| --- | --- |
| Attestation policy | Name of the attestation policy. |
| Attestation procedure | Attestation procedure used for attesting. Attestation procedures are displayed in a menu grouped by attestation type. |
| Approval policies | Approval policy for determining the attestor for the attestation objects. |
| Owner | Creator of the attestation policy. The name of the user logged in to One Identity Manager is entered here by default. This can be changed. |
| Time required (days) | Number of days within which a decision must be made over the attestation. Enter 0 if you do not want to specify a particular processing period. One Identity Manager does not stipulate which actions are carried out if processing times out. Define your own custom actions or evaluations to deal with this situation. |
| Description | Text field for additional explanation. |
| Risk index | Specifies the risk for the company if attestation for this attestation policy is denied. Use the slider to enter a value between 0 and 1. This input field is only visible if the QER \| CalculateRiskIndex configuration parameter is activated. |
| Risk index (reduced) | Shows the risk index taking mitigating controls into account. The risk index for an attestation policy is reduced by the Significance reduction value for all assigned mitigating controls. This input field is only visible if the QER \| CalculateRiskIndex configuration parameter is activated. The value is calculated by One Identity Manager and cannot be edited. |
| Calculation schedule | Schedule for running attestation. Attestation cases are started automatically at the times specified by the schedule. |
| Deactivated | Specifies whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Disabled attestation policies can be deleted. Completed attestation cases can be deleted once the attestation policy is disabled. |
| Close obsolete tasks automatically | Specifies whether pending attestation cases are aborted if new ones are added. If attestation is started and this option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are aborted. Attestation cases for attestation objects that are not recalculated remain intact. |
| Obsolete tasks limit | Specifies the maximum number of closed attestation cases for each attestation object that should remain in the database when closed attestation cases are deleted. |
| Reason for decision | Reason that is given if the Close obsolete tasks automatically option is set and pending attestation cases are automatically closed. |
| Output format | Format in which the report is generated. This menu is only visible if the QER \| Attestation \| AllowAllReportTypes configuration parameter is set. If the configuration parameter is not set, the default PDF format is used because it is the only format that is version compatible. |
| Edit connection... | Starts the WHERE clause wizard. Use this wizard to create or edit a condition to determine the attestation objects from the database table specified in the attestation procedure. |
| Condition | Data query for finding attestation objects. This shows the input field for new attestation policies. To show the condition for existing attestation policies, run the Show condition task. |
| Attestation with multi-factor authentication | Attestation of this attestation policy requires multi-factor authentication. |
NOTE: You can only edit attestation policies in the Web Portal that were created in the Web Portal. A corresponding message on the master data form shows whether the attestation policy was created in the Web Portal.
If you want to edit attestation policies like this, create a copy in the Manager.
For detailed information about editing attestation policies in the Web Portal, see the One Identity Manager Web Portal User Guide.
You can use One Identity Manager to evaluate the risk of attestation cases. To do this, enter a risk index for the attestation policy. The risk index specifies the risk involved for the company in connection with the data to be attested. The risk index is given as a number in the range 0 .. 1. By doing this you specify whether data to be attested is considered not to be a risk (risk index = 0) or whether every denied attestation poses a problem (risk index = 1).
The risk that attestations will be denied approval can be reduced by using the appropriate mitigating controls. Enter these controls as mitigating controls in One Identity Manager. You reduce the risk by the value entered as the significance reduction on the mitigating control. This value is used to calculate the reduced risk index for the attestation policy.
You can create several reports with the Report Editor to evaluate attestation cases depending on the risk index. For more detailed information, see the One Identity Manager Configuration Guide.
Risk assessments can be carried out when the QER | CalculateRiskIndex configuration parameter is enabled. For more detailed information, see the One Identity Manager Risk Assessment Administration Guide.