Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Using samples with attestation policies

To use sampling for attestation, assign a sample to the appropriate attestation policies. A sample can only be assigned to exactly one attestation policy.

To assign a sample to an attestation policy

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select an attestation policy in the result list and run the Change main data task.

  3. In the Sample menu, select a sample.

    • To create a new sample, click . Enter the name of the sample and assign the table from which to take the data for the sample.

  4. Save the changes.
Related topics

Displaying the sample overview

You can see the most important information about a sample on the overview form. You can see the attestation policy that is used with sample.

To obtain an overview of a sample

  1. In the Manager, select the Attestation > Samples category.

  2. Select the sample in the results list.

  3. Select the Sample oerview task .

Related topics

Default sample for attesting memberships in system entitlements

A default sample is provided for attesting memberships in system entitlements after organizational changes. This sample data is determined automatically. This identifies all individuals whose manager or primary department, cost center, or business role assignment has changed since the previous attestation. All memberships are attested whose user accounts are associated with these individuals.

To use attestation of memberships in system authorizations after organizational changes

  1. In the Designer, set the QER | Selections | PersonOrganizationalChanges configuration parameter.

  2. In the Manager, assign an enabled schedule to the System entitlement memberships after organizational changes attestation policy.

Once an attestation run is complete, the sample data is deleted. As soon as an individual's organizational data changes, they are included in the sample. This ensures that the sample always includes only those individuals whose organizational data has changed since the previous attestation.

TIP: Sample data is calculated by the QER_Person_Add_to_PickCategory_Organizational_Changes process. You can customize the generating condition of this process.

Related topics

Grouping attestation policies

Different attestation policies can be combined into a collection allowing the attestations to start simultaneously. For example, this can be used in the context of an audit, when different attestations are run that have related content.

Related attestation policies can be grouped together into policy collections. Policy collections must be assigned a schedule for running these attestation policies. Use a sample to limit the set of objects to attest for all assigned attestation policies.

The following applies:

  • An attestation policy can be assigned to only one policy collection.

  • Attestation policies that belong to a policy collection cannot be started separately.

  • When samples are attested, the same sample is used for all the attestation policies that belong to one policy collection.


The following properties of all employees in department D are going to be attested:

  • Primary and secondary membership in business roles

  • Linked user accounts

  • Assigned system entitlements

These attestations must always be performed simultaneously.

The following objects must be created for this purpose:

  1. Attestation procedure for the Person, PersonInOrg, UNSAccount, UNSAccountInUNScollection tables

  2. A schedule

  3. A sample the find all employees assigned to department D

  4. A policy collection that uses the schedule and sample

  5. Attestation policies that use the attestation procedures and the policy collection

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating