Chat now with support
Chat with Support

Identity Manager 9.1.2 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Phases of attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Certifying new roles and organizations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

One Identity Manager users for certifying roles and organizations

The following users are involved in the certification of roles and organizations.

Table 64: Users

Users

Tasks

Administrators for organizations

Administrators must be assigned to the Identity Management | Organizations | Administrators application role.

Users with this application role:

  • Set up and edit departments, cost centers, and locations.

  • Assign company resources to departments, cost centers, and locations.

  • Attest the main data of departments, cost centers, and locations.

  • Administrate application roles for role approvers, role approvers (IT), and attestors.

  • Set up other application roles as required.

Business roles administrators

Administrators must be assigned to the Identity Management | Business roles | Administrators application role.

Users with this application role:

  • Create and edit business roles.

  • Assign company resources to business roles.

  • Attest business roles' main data.

  • Administrate application roles for role approvers, role approvers (IT), and attestors.

  • Set up other application roles as required.

Administrators for basic functionality

Administrators must be assigned to the Base roles | Administrators application role.

Users with this application role:

  • Administer application roles for administrators.

  • Assign employees to administrator application roles.

  • Add other employees to the Base roles | Administrators application role and edit conflicting application roles.

  • See the main data for the other application roles.

  • Attest application roles' main data.

  • Can use Password Reset Portal to set passwords for selected system users.

Manager

  • Check the main data of the roles and organizations to be certified.
  • Assign another manager if required.
  • Attests the main data.

Administrators for attestation cases

Administrators must be assigned to the Identity & Access Governance | Attestation | Administrators application role.

Users with this application role:

  • Modify the attestation policies if necessary.

  • Create more schedules if required.

Detailed information about this topic

Configuring certification of new departments

Attestation and certification of departments with the New certification status can start when the following requirements are met.

To certify new departments

  1. In the Designer, set the QER | Attestation | DepartmentApproval and QER | Attestation | DepartmentApproval | InitialApprovalState configuration parameters.

  2. The value of the InitialApprovalState configuration parameter to 1.

    All departments added to the database from this point on are given the certification status New.

  3. In the Manager, edit the main data of the New departments certification attestation policy.

    • Calculation schedule: Schedule for starting attestation.

    • Disabled: Disabled.

  4. In the Manager, assign at least one employee to the Identity Management | Organizations | Administrators application role.

  5. Save the changes.

Attestation of imported departments is triggered when:

  • Initial certification status was set to New by the InitialApprovalState configuration parameter.

    - OR -

    The import sets Department.ApprovalState='1'

  • There is no Import data source stored with the department (ProfitCenter.ImportSource='')

The Employees do not inherit option (Department.IsNoInheriteToPerson) is disabled by the VI_Attestation_AttestationCase_Department_Approval_Granted process.

Related topics

Configuring certification of new cost centers

Attestation and certification of cost centers with the New certification status can start when the following requirements are met.

To certify new cost centers

  1. In the Designer, set the QER | Attestation | ProfitCenterApproval and QER | Attestation | ProfitCenterApproval | InitialApprovalState configuration parameters.

  2. The value of the InitialApprovalState configuration parameter to 1.

    All cost centers added to the database from this point on are given the certification status New.

  3. In the Manager, edit the main data of the New cost centers certification attestation policy.

    • Calculation schedule: Schedule for starting attestation.

    • Disabled: Disabled.

  4. In the Manager, assign at least one employee to the Identity Management | Organizations | Administrators application role.

  5. Save the changes.

Attestation of imported cost centers is triggered when:

  • Initial certification status was set to New by the InitialApprovalState configuration parameter.

    - OR -

    The import sets ProfitCenter.ApprovalState='1'

  • There is no Import data source stored with the cost center (ProfitCenter.ImportSource='')

The Employees do not inherit option (ProfitCenter.IsNoInheriteToPerson) is disabled by the VI_Attestation_AttestationCase_ProfitCenter_Approval_Granted process.

Related topics

Configuring certification of new locations

Attestation and certification of locations with the New certification status can start when the following requirements are met.

To certify a new location

  1. In the Designer, set the QER | Attestation | LocalityApproval and QER | Attestation | LocalityApproval | InitialApprovalState configuration parameters.

  2. The value of the InitialApprovalState configuration parameter to 1.

    All locations added to the database from this point on are given the certification status New.

  3. In the Manager, edit the main data of the New location certification attestation policy.

    • Calculation schedule: Schedule for starting attestation.

    • Disabled: Disabled.

  4. In the Manager, assign at least one employee to the Identity Management | Organizations | Administrators application role.

  5. Save the changes.

Attestation of imported locations is triggered when:

  • Initial certification status was set to New by the InitialApprovalState configuration parameter.

    - OR -

    The import sets Locality.ApprovalState='1'

  • There is no Import data source stored with the location (Locality.ImportSource='')

The Employees do not inherit option (Locality.IsNoInheriteToPerson) is disabled by the VI_Attestation_AttestationCase_Locality_Approval_Granted process.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating