Chat now with support
Chat with Support

Identity Manager 9.1.2 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Phases of attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Certifying new roles and organizations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Overview of the attestation procedure

You can see the most important information about an attestation procedure on the overview form.

To obtain an overview of an attestation procedure

  1. In the Manager, select the Attestation > Basic configuration data > Attestation procedures category.

  2. Select the attestation procedure in the result list.

  3. Select the Attestation procedure overview task.

Assigning approval policies

Use this task to assign the selected attestation procedure to the approval policies that should be used in this attestation procedure. All approval policies permitted for the attestation base object are listed.

To assign approval policies to attestation procedures

  1. In the Manager, select the Attestation > Basic configuration data > Attestation procedures category.

  2. Select the attestation procedure in the result list.

  3. Select Assign approval policies task.

    In the Add assignments pane, assign the approval policies.

    TIP: In the Remove assignments pane, you can remove approval policy assignments.

    To remove an assignment

    • Select the approval policy and double-click .

  4. Save the changes.

Which approval policies are permitted depends on the approval procedures in use. Approval procedures dictate to which tables an approval procedure can be assigned.

Related topics

Creating a copy

You can make copies of attestation procedures and those copies allow you to modify default attestation procedures.

To copy an attestation procedure

  1. In the Manager, select the Attestation > Basic configuration data > Attestation procedures category.

  2. Select the attestation procedure in the result list.

  3. Select Create copy task.

  4. Confirm the security prompt with Yes.

  5. Decide whether the condition types should be copied for the attestation wizard in the Web Portal as well.

    Condition types are required if attestation policies are created and edited with the attestation wizard in the Web Portal. For more information about this, see the One Identity Manager Web Designer Web Portal User Guide.

  6. Edit the attestation procedure copy and save the changes.

    The attestation procedure copy is displayed on the main data form with the name <Name of original attestation procedure>(copy). You can rename and edit this attestation policy.

Attestation schedules

Use schedules to automate attestation. These specify when and how often attestation cases are created. One Identity Manager supplies several default schedules for attestation.

To edit schedules

  1. In the Manager, select the Attestation > Basic configuration data > Schedules category.

    The result list shows all schedules configured for attestation policies (AttestationPolicy task).

  2. Select a schedule in the result list and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the schedule’s main data.

  4. Save the changes.

Enter the following properties for a schedule.

Table 5: Schedule properties

Property

Meaning

Name

Schedule ID. Translate the given text using the button.

Description

Detailed description of the schedule. Translate the given text using the button.

Table

Table whose data can be used by the schedule. Schedules for the attestation must refer to the AttestationPolicy table.

Enabled

Specifies whether the schedule is enabled.

NOTE: Only active schedules are run. Active schedules are only run if the QBM | Schedules configuration parameter is set.

Time zones

Unique identifier for the time zone that is used for running the schedule. Choose between Universal Time Code or one of the time zones in the menu.

NOTE:

When you add a new schedule, the time zone is preset to that of the client from which you started the Manager.

Start (date)

The day on which the schedule should be run for the first time. If this day conflicts with the defined interval type, the first run is on the next available day based on the start date.

Validity period

Period within which the schedule is run.

  • If the schedule will be run for an unlimited period, select the Unlimited duration option.

  • To set a validity period, select the Limited duration option and enter the day the schedule will be run for the last time in End (date).

Occurs

Interval in which the task is run. Other settings may be required depending on the settings.

  • Every minute: The schedule is run once a minute. The starting point is calculated from the rate of occurrence and the interval type.

  • Hourly: The schedule is run at defined intervals of a multiple of hours such as every two hours.

    • Under Repeat every, specify after how many hours the schedule is run again.

    • The starting point is calculated from the rate of occurrence and the interval type.

  • Daily: The schedule is run at specified times in a defined interval of days such as every second day at 6am and 6pm.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many days the schedule is run again.

  • Weekly: The schedule is run at a defined interval of weeks, on a specific day, at a specified time such as every second week on Monday at 6am and 6pm.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many weeks the schedule is run again.

    • Specify the set day of the week for running the schedule.

  • Weekly: The schedule is run at a defined interval of months, on a specific day, at a specified time such as every second month on the 1st and the 15th at 6am and 6pm.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many months the schedule is run again.

    • Specify the days of the month (1st - 31st of the month).

    NOTE: If the Monthly interval type with the sub interval 29, 30 or 31 does not exist in this month, the last day of the month is used.

    Example:

    A schedule that is run on the 31st day of each month is run on April 30th. In February, the schedule is run on the 28th (or 29th in leap year).

  • Yearly: The schedule is run at a defined interval of years, on a specific day, at a specified time such as every year on the 1st, the 100th, and the 200th day at 6am and 6pm.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many years the schedule is run again.

    • Specify the days of the year (1st - 366th day of the year).

      NOTE: If you select the 366th day of the year, the schedule is only run in leap years.

  • Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday: The schedule is run on a defined day of the week, in specified months, at specified times such as every second Saturday in January and June at 10am.

    • Under Start time, specify the times to run the schedule.

    • Under Repeat every, specify after how many days of the month the schedule is run again. The values 1 to 4, -1 (last day of the week), and -2 (last day but one of the week) are permitted.

    • Specify in which month to run the schedule. The values 1 to 12 are permitted. If the value is empty, the schedule is run each month.

Start time

Fixed start time Enter the time in local format for the chosen time zone. If there is a list of start times, the schedule is started at each of the given times.

Repeat every

Rate of occurrence for running the schedule within the selected time interval.

Last planned run/Next planned run

Activation time calculated by the DBQueue Processor. Activation times are recalculated whilst the schedule is running. The time of the next run is calculated from the interval type, rate of occurrence, and the start time.

NOTE: One Identity Manager provides the start information in the time zone of the client where the program was started. Changes due to daylight saving are taken into account.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating