
Identity Manager 8.1 - Attestation Administration Guide


Predefined standard reasons

One Identity Manager provides predefined standard reasons. These standard reasons are entered into the attestation case when One Identity Manager grants or denies approval automatically.

To display predefined standard reasons

  • In Manager, select the Attestation | Basic configuration data | Standard reasons | Predefined category.

Attestation policies

Attestation policies specify the concrete conditions for attestation. Use the master data form to enter the attestation procedure, approval policy and the schedule. You can use a WHERE clause to limit the attestation objects.

To edit attestation policies

  1. In the Manager, select Attestation | Attestation policies.

  2. Select an attestation policy in the result list and run Change master data.

    - OR -

    Click in the result list toolbar.

  3. Edit the master data for the attestation policy.

  4. Save the changes.

General master data for attestation policies

Enter the following data for attestation policies.

Table 9: General Master Data for Attestation Policies



Attestation policy

Name of the attestation policy.

Attestation procedure

Attestation procedure used for attesting. Attestation procedures are displayed in a menu grouped by attestation type.

Approval policies

Approval policy for determining the attestor for the attestation objects.


Creator of the attestation policy. The name of the user logged into One Identity Manager is entered here by default. This can be changed.

Time required (days)

Number of days within which a decision must be made over the attestation. Enter 0 if you do not want to specify a particular processing period.

One Identity Manager does not stipulate which actions are carried out if processing times out. Define your own custom actions or evaluations to deal with this situation.


Spare text box for additional explanation.

Risk index

Specifies the risk for the company if attestation for this attestation policy is denied. Use the slider to enter a value between 0 and 1.

  • 0: No risk

  • 1: The denied attestation is a problem.

This input field is only visible if the configuration parameter QER | CalculateRiskIndex is activated.

Risk index (reduced)

Shows the risk index taking mitigating controls into account. The risk index for an attestation policy is reduced by the Significance reduction value for all assigned mitigating controls.

This input field is only visible if the configuration parameter QER | CalculateRiskIndex is activated. The value is calculated by the One Identity Manager and cannot be edited.

Calculation schedule

Schedule for running attestation. Attestation cases are started automatically at the times specified by the schedule.


Specifies whether the attestation policy is disabled or not.

Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Disabled attestation policies can be deleted under certain circumstances.

Under certain circumstances, closed attestation cases are deleted the moment the attestation policy is disabled.

Close obsolete tasks automatically

Specifies whether pending attestation cases are aborted if new ones are added.

If attestation is started and this option is set, first, all pending attestation cases for this attestation policy are canceled. Then, new attestation cases are created according to the condition.

Obsolete tasks limit

Specifies the maximum number of closed attestation cases that should remain in the database when closed attestation cases are deleted.

  • 0: No attestation cases are deleted.

  • > 0: The given number of closed attestation cases remain in the database.

Reason for decision

Reason which is given if the option Close obsolete tasks automatically is set and pending attestation cases are automatically closed.

Output format

Format in which the report is generated.

This menu is only visible if the QER | Attestation | AllowAllReportTypes configuration parameter is set. If the configuration parameter is not set, the default PDF format is used because it is the only format that is version compatible.

Edit connection...

Starts the WHERE clause wizard. Use this wizard to create a condition to determine the attestation objects from the database table specified in the attestation procedure.


Data query for finding attestation objects.

This option is only available if the task Show condition has been run beforehand.

Attestation with multi-factor authentication

Attestation of this attestation policy requires multi-factor authentication.

NOTE: In the Web Portal, you can only edit attestation policies that were created in the Web Portal. A message on the master data form shows whether the attestation policy was created in the Web Portal.

If you want to edit attestation policies like this, create a copy in the Manager.

For detailed information about editing attestation policies in the Web Portal, see the One Identity Manager Web Portal User Guide.


Risk assessment

You can use One Identity Manager to evaluate the risk of attestation cases. To do this, enter a risk index for the attestation policy. The risk index specifies the risk involved for the company in connection with the data to be attested. The risk index is given as a number in the range 0 .. 1. By doing this you specify whether data to be attested is considered not to be a risk (risk index = 0) or whether every denied attestation poses a problem (risk index = 1).

The risk that attestations will be denied approval can be reduced by using the appropriate mitigating controls. Enter these controls as mitigating controls in One Identity Manager. You reduce the risk by the value entered as the significance reduction on the mitigating control. This value is used to calculate the reduced risk index for the attestation policy.

You can create several reports with the Report Editor to evaluate attestation cases depending on the risk index. For more detailed information, see the One Identity Manager Configuration Guide.

Risk assessments can be carried out when the QER | CalculateRiskIndex configuration parameter is enabled. For more detailed information, see the One Identity Manager Risk Assessment Administration Guide.
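The Time required (days) property leaves the handling of timeouts to a custom evaluation, and the risk index is meant for evaluating attestation cases by risk. The following sketch combines both; it is an added example, not One Identity code. The policy names, case records, and field names are constructed for illustration and do not mirror the One Identity Manager database schema, and a case is assumed to be overdue once the current date is later than its creation date plus the processing period.

```python
from datetime import date, timedelta

# Constructed sample data; field names are hypothetical, not the product schema.
POLICIES = {
    "AD group memberships": {"time_required_days": 14, "risk_index": 0.8, "disabled": False},
    "System role owners": {"time_required_days": 0, "risk_index": 0.3, "disabled": False},
    "Department data": {"time_required_days": 7, "risk_index": 0.5, "disabled": False},
}
CASES = [
    {"id": "C1", "policy": "AD group memberships", "created": date(2024, 3, 1), "closed": False},
    {"id": "C2", "policy": "AD group memberships", "created": date(2024, 3, 25), "closed": False},
    {"id": "C3", "policy": "System role owners", "created": date(2024, 1, 10), "closed": False},
    {"id": "C4", "policy": "Department data", "created": date(2024, 3, 10), "closed": False},
    {"id": "C5", "policy": "Department data", "created": date(2024, 2, 1), "closed": True},
]


def overdue_cases(policies, cases, today):
    """Return pending cases past their processing period, highest risk first."""
    findings = []
    for case in cases:
        if case["closed"]:
            continue  # a decision has already been made
        policy = policies[case["policy"]]
        days = policy["time_required_days"]
        if days == 0:
            continue  # 0 means no processing period is specified
        due = case["created"] + timedelta(days=days)
        if today > due:
            findings.append({
                "id": case["id"],
                "policy": case["policy"],
                "days_overdue": (today - due).days,
                "risk_index": policy["risk_index"],
            })
    # Cases of high-risk policies first, then the longest overdue.
    findings.sort(key=lambda f: (-f["risk_index"], -f["days_overdue"]))
    return findings


def policies_without_deadline(policies):
    """Enabled policies with Time required (days) = 0; their cases never time out."""
    return sorted(name for name, p in policies.items()
                  if p["time_required_days"] == 0 and not p["disabled"])


if __name__ == "__main__":
    for finding in overdue_cases(POLICIES, CASES, date(2024, 4, 1)):
        print(finding)
    print("No processing period:", policies_without_deadline(POLICIES))
```
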
