Chat now with support
Chat with Support

Identity Manager 8.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation policies Creating custom mail templates for notifications
Approval processes for attestation cases
Approval policies Approval workflows Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Appendix: Configuration parameters for attestation

Validity check

Once you have edited an approval policy you need to test it. This checks whether the approval steps can be used in the approval workflows in this combination. Non-valid approval steps are displayed in the error window.

To test an approval policy

  1. In Manager, select the category Attestation | Basic configuration data | Approval policies.

  2. Select the approval policy in the result list.

  3. Select Validity check.

Approval workflows

You need to allocate an approval workflow to the approval policies in order to find the attestors. In an approval workflow, you specify the approval procedures, the number of attestors and a condition for selecting the attestors.

Use the workflow editor to create and edit approval workflows.

To edit an approval workflow

  1. Select Attestation | Basic configuration data | Approval workflows.

  2. Select the approval workflow in the result list and run Change master data.

    - OR -

    Click in the result list toolbar.

    This opens the Workflow Editor.

  3. Edit the approval workflow master data.

  4. Save the changes.

Working with the workflow editor

Use the workflow editor to create and edit approval workflows. The workflow editor allows approval levels to be linked together. Multi-step approval processes are clearly displayed in a graphical form.

Figure 1: Workflow Editor

Approval levels and approval steps belonging to the approval workflow are edited in the workflow editor using special control elements. The workflow editor contains a toolbox. The toolbox methods are activated or deactivated depending on how they apply to the control. You can move the layout position of the control elements in the workflow editor with the mouse or these can be moved automatically.

Table 17: Entries in the toolbox






Edit the properties of the approval workflow.

Layout automatically

The workflow elements are aligned automatically. The workflow layout is recalculated.

Approval levels


A new approval level is added to the workflow.


Edit the properties of the approval workflow.


Deletes the approval level.

Approval steps


Add a new approval step to the approval level.


Edit the properties of the approval step.


Deletes the approval step.


Remove positive

The Approved connector for the selected approval level is deleted.

Remove negative

The Deny connector for the selected approval level is deleted.

Remove reroute

The Reroute connector for the selected approval level is deleted.

Remove escalation

The Escalate connector for the selected approval level is deleted.

Each of the controls has a properties window for editing the data of the approval workflow, level or step. To open the properties window, choose Toolbox | < Control> | Edit....

To delete a control, select the element and choose Toolbox | <Control> | Delete.

Individual elements are linked to each other with a connector. Activate the connection points with the mouse. The mouse cursor changes into an arrow icon for this. Hold down the left mouse button and pull a connector from one connection point to the next.

Figure 2: Approval workflow connectors

Table 18: Approval workflow connectors
Connector Meaning
Approve Link to next approval level if the current approval level was granted approval.
Deny Link to next approval level if the current approval level was not granted approval.
Reroute Link to another approval level to by-pass the current approval.
Escalate Connection to another approval level when the current approval level is escalated after timing out.

By default, a connection between workflow elements and level elements is created immediately when a new element is added. If you want to change the level hierarchy, drag a new connector to another level element.

Alternatively, you can release connectors between level elements using Toolbox | Assignments. To do this, mark the level element where the connector starts. Then add a new connector.

Different icons are displayed on the level elements depending on the configuration of the approval steps.

Table 19: Icons on the level elements
Icon Meaning
The approval decision is made by the system.
The approval decision is made manually.
The approval step contains a reminder function.
The approval step contains a timeout.

Changes to individual elements in the workflow do not take place until the entire approval workflow is saved. The layout position in the workflow editor is saved in addition to the approval policies.

Setting up approval workflows

An approval workflow consists of one or more approval levels. An approval level can contain one approval step or several parallel approval steps. Within the attestation process, all of the approval steps for one approval level must be executed before the next approval level is called. Use connectors to set up the sequence of approval levels in the approval workflow.

When you add a new approval workflow, the first thing to be created is a new workflow element.

To edit approval level properties

  1. Open the Workflow Editor.

  2. Select Toolbox | Workflow | Edit.

  3. Edit the workflow properties.

  4. Click OK.
Table 20: Approval workflow properties




Approval workflow name

System abort (days)

Number of days to elapse after which the approval workflow, and therefore the system, automatically ends the entire attestation procedure.


Spare text box for additional explanation.
Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating