Chat now with support
Chat with Support

Identity Manager 8.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation policies Creating custom mail templates for notifications
Approval processes for attestation cases
Approval policies Approval workflows Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Appendix: Configuration parameters for attestation

Demanding attestation

When a new attestation case is made, the attestor is notified by mail. Demands for attestation can be configured separately for each approval step.

Prerequisite

  • The configuration parameter QER | Attestation | MailTemplateIdents | RequestApproverByCollection is disabled.

To set up the notification procedure

  • Enter the following data for the approval step.

    Mail template request: Attestation - approval required

    TIP: To allow approval by email, select the Attestation - approval required (by email) mail template.

NOTE: You can schedule demands for attestation to send a general notification if there are attestations pending. This replaces single demands for attestation at each approval step.

Related Topics

Reminding attestors

If an attestor has not made a decision by the time the reminder timeout expires, notification can be sent by email as a reminder. The attestors work time applies to the time calculation.

Prerequisite

  • The configuration parameter QER | Attestation | MailTemplateIdents | RequestApproverByCollection is disabled.

To set up the notification procedure

  • Enter the following data for the approval step.

    Table 34: Properties of the approval step for notification

    Property

    Meaning

    Reminder interval (hours)

    Number of working hours to elapse after which the attestor is notified by mail that there are still pending attestation cases for attestation.

    NOTE: Ensure that a state and/or county is entered into the employee‘s master data for determining the correct working hours.

    Mail template reminder

    Select the Attestation - Remind approver mail template.

    TIP: To allow approval by email, select the Attestation - remind approver (by email) mail template.

NOTE: You can schedule demands for attestation to send a general notification if there are attestations pending. This replaces single demands for attestation at each approval step.

Related Topics

Scheduling attestation demands

Attestors can be regularly notified of attestation cases that are pending. These regular notifications replace the individual prompts and attestation reminders that are configured in the approval step.

To send regular notifications about pending attestations

  1. Enable the QER | Attestation | MailTemplateIdents | RequestApproverByCollection configuration parameter in Designer.

    By default, a notification is sent with the Attestation - pending requests for approver mail template.

    TIP: To use something other than the default mail template for these notifications, change the value of the configuration parameter.
  2. In Designer, configure and enable the Inform approver about pending attestations schedule.

    For detailed information, see the One Identity Manager Operational Guide.

Reminding attestors about attestation objects

The hierarchical role manager and those responsible for system entitlements or system roles can view all pending attestation cases for this object in the Web Portal. If necessary, they can send reminders to attestors of selected attestation objects.

To send notification about a specific attestation object

  • In Designer, set the configuration parameter QER | Attestation | MailTemplateIdents | RemindApproverByObject.

    By default, notification is sent using the Attestation - remind approver of all open object attestations template.

TIP: To use something other than the default mail template for these notifications, change the value of the configuration parameter.

To send notifications user the Web Portal. For detailed information, see One Identity Manager Web Portal User Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating