Chat now with support
Chat with Support

Identity Manager 8.2.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation policies Sample attestation Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Generating sample data automatically

One Identity Manager distinguishes between manual sampling and automatic sampling. Automatic sampling can trigger the generation of sample data as follows:

  • Event-based: All modified objects of an object class (table from which the sample data is selected) are calculated.

    Example: All user accounts whose risk index has increased since the previous attestation.

    For the default Monthly organizational changes of employees sample, the sample data are generated event-based.

  • In the sample, the Manually selected option is disabled.

To generate sample data for an event-based sample

  • In the Designer, create a process that is generated when changes are made to the table given in the sample. Use the Execute SQL process task from the SQLComponent process component.

    • Determine the value of the SQLStmt parameter with the following query:

      Dim f As ISqlFormatter = Connection.SqlFormatter Value = f.StoredProcedure(New SQLFunction("QER", "''", "PPickedItemInsert"), _ f.FormatValue("<UID_QERPickCategory>", ValType.String, True), _ f.FormatValue($XObjectKey$, ValType.String, True) _ )

    • UID_QERPickCategory: Unique identifier of the sample whose sample data is to be generated.

For more information about defining processes, see the One Identity Manager Configuration Guide.

If the Remove items after attestation run option is set in the sample, the sample data will be deleted as soon as an attestation run is completed. This way ensures that the sample always contains only those objects that have been changed since the previous attestation.

Related topics

Using samples with attestation policies

To use sampling for attestation, assign a sample to the appropriate attestation policies. A sample can only be assigned to exactly one attestation policy.

To assign a sample to an attestation policy

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select an attestation policy in the result list and run the Change main data task.

  3. In the Sample menu, select a sample.

    • To create a new sample, click . Enter the name of the sample and assign the table from which to take the data for the sample.

  4. Save the changes.
Related topics

Displaying the sample overview

You can see the most important information about a sample on the overview form. You can see the attestation policy that is used with sample.

To obtain an overview of a sample

  1. In the Manager, select the Attestation > Samples category.

  2. Select the sample in the results list.

  3. Select the Sample oerview task .

Related topics

Default sample for attesting memberships in system entitlements

A default sample is provided for attesting memberships in system entitlements after organizational changes. This sample data is determined automatically. This identifies all individuals whose manager or primary department, cost center, or business role assignment has changed since the previous attestation. All memberships are attested whose user accounts are associated with these individuals.

To use attestation of memberships in system authorizations after organizational changes

  1. In the Designer, set the QER | Selections | PersonOrganizationalChanges configuration parameter.

  2. In the Manager, assign an enabled schedule to the System entitlement memberships after organizational changes attestation policy.

Once an attestation run is complete, the sample data is deleted. As soon as an individual's organizational data changes, they are included in the sample. This ensures that the sample always includes only those individuals whose organizational data has changed since the previous attestation.

TIP: Sample data is calculated by the QER_Person_Add_to_PickCategory_Organizational_Changes process. You can customize the generating condition of this process.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating