Chat now with support
Chat with Support

Identity Manager 8.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation policies Creating custom mail templates for notifications
Approval processes for attestation cases
Approval policies Approval workflows Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Appendix: Configuration parameters for attestation

Granting or denying attestation cases

When an attestation case is granted approval or denied it, other employees receive notification. Notification may occur after approval or denial of a single approval step or once the entire approval process is complete. You can specify the recipient of the notification as required by the company.

Attestation cases can be automatically granted or denied approval once a specified time period has been exceeded. Notification is sent in the same way in this case.

To set up the notification procedure

  1. Create custom mail templates for sending notification if attestation cases have been granted or denied approval.

  2. Create company specific processes for notifications.

  3. Enter the following data in the approval step when notification should immediately follow the approval decision of a single approval step:

    Table 35: Properties of the approval step for notification

    Property

    Meaning

    Mail template for approval

    Mail template to be used for email notification when an approval step is approved.

    Mail template denied

    Mail template to be used for email notification when an approval step is denied.

    - OR -

    Enter the following data in the approval policy when notification should immediately follow completion of the approval procedure.

    Table 36: Properties of an approval policy for notifications

    Property

    Meaning

    Mail template for approval

    Mail template to be used for email notifications when an attestation case is approved.

    Mail template denied

    Mail template to be used for email notifications when an attestation case is denied.

Detailed information about this topic

Notifying delegates

If required, a delegator can receive notifications if the recipient of the delegation has made an approval decision in an attestation case. A notification is sent once an employee has been determined as an attestor due to delegation and has made an approval decision for the attestation case.

To send a notification when the employee who was delegated an approval approves or denies the attestation.

  • In Designer, set the QER | ITShop | Delegation | MailTemplateIdents | InformDelegatorAboutDecisionAttestation configuration parameter.

    By default, a notification is sent with the Delegation - inform delegator about decided attestation mail template.

TIP: Change the value of the configuration parameter in order to use custom mail templates for these mails.

Delegations are taken into account in the following default approval procedures.

Table 37: Delegation relevant default approval procedures

Delegation of

Approval procedure

Department responsibilities

DM, ED

Cost center responsibilities

PM

Location responsibilities

LM

Business role responsibilities

MO, OM, RM, RR

Employee responsibilities

CM, EM

Memberships in business roles

OR

Memberships in application roles

AA, AD, AL, AN, AO, AP, AR, AS, AT, AY, EN, EO, OA, SO

Example

Jon Blogs is responsible for the business role R1. He delegates his responsibility for the business role to Clara Harris. Clara Harris is herself responsible for business role R2.

A member of business role R1 is to be attested. Jon Bloggs is established as an attestor through the OM - Manager of a specific role approval process. The attestation case is assigned to Clara Harris for approval through delegation. Jon Blogs is notified as soon as Clara Harris has made her approval decision for the attestation case.

A member of business role R2 is to be attested. Clara Harris is established as an attestor through the OM - Manager of a specific role approval process. No notification is sent because Clara Harris does not make the approval decision due to delegation.

For more detailed information about delegating responsibilities, see the One Identity Manager IT Shop Administration Guide.

Related Topics

Aborting attestation cases

Email notifications can be sent to other employees when an attestation case is aborted. You can specify the recipient of the notification as required by the company.

To set up the notification procedure

  1. Create custom mail templates for sending notification if attestation cases have been aborted.

  2. Create company specific processes for notifications.

  3. Enter the following data for the approval policy:

    Mail template aborted: Mail template to be used for email notifications when an attestation case is aborted.

Detailed information about this topic

Escalation of attestation cases

Email notifications can be sent to the attestation policy's owner when an attestation case is escalated.

To set up the notification procedure

  • Enter the following data for the approval step.

    Mail template escalation: Attestation - Escalation

Related Topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating