Chat now with support
Chat with Support

Identity Manager 9.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Phases of attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Certifying new roles and organizations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Creating, editing, deleting samples

To be prepare sample attestations:

  • Create samples.

  • Define the sample data.

  • Assign the samples to the attestation policies that will use them.

To create a sample

  1. In the Manager, select the Attestation > Samples category.

  2. Click in the result list.

  3. Edit the sample's main data.

  4. Save the changes.

To edit a sample

  1. In the Manager, select the Attestation > Samples category.

  2. In the result list, select the sample and run the Change main data task.

  3. Edit the sample's main data.

  4. Save the changes.

To delete a sample

  1. In the Manager, select the Attestation > Samples category.

  2. In the result list, select the sample and click .

  3. Confirm the security prompt with Yes.
Detailed information about this topic

General main data of samples

Enter the following main data of a sample.

Table 13: General main data of a sample

Property

Description

Display name

Name of the sample.

Table

Table that contains the selected sample data.

Manually selected

Specifies whether the sample data is manually selected.

Remove items after attestation run

Specifies whether the sample data is deleted from the sample after each attestation run.

After each attestation of this sample, the sample data must be regenerated.

The option is not taken into account when attesting individually selected objects.

Related topics

Managing sample data

Sample data can either be generated automatically or compiled manually. To set sample data manually, assign sample items to the samples.

To assign sample items manually

  1. In the Manager, select the Attestation > Samples > Manually selected category.

  2. Select the sample in the results list.

  3. Select the Assign sample items task.

    In the Add assignments pane, assign sample items.

    TIP: In the Remove assignments pane, you can remove the assigned sample items.

    To remove an assignment

    • Select the sample item and double-click .

  4. Save the changes.

To display sample items for automatically selected samples

  1. In the Manager, select the Attestation > Samples > Automatically selected category.

  2. Select the sample in the results list.

  3. Select the Assign sample items task.

Related topics

Generating sample data automatically

One Identity Manager distinguishes between manual sampling and automatic sampling. Automatic sampling can trigger the generation of sample data as follows:

  • Event-based: All modified objects of an object class (table from which the sample data is selected) are calculated.

    Example: All user accounts whose risk index has increased since the previous attestation.

    For the default Monthly organizational changes of employees sample, the sample data are generated event-based.

Prerequisite
  • In the sample, the Manually selected option is disabled.

To generate sample data for an event-based sample

  • In the Designer, create a process that is generated when changes are made to the table given in the sample. Use the Execute SQL process task from the SQLComponent process component.

    • Determine the value of the SQLStmt parameter with the following query:

      Dim f As ISqlFormatter = Connection.SqlFormatter Value = f.StoredProcedure(New SQLFunction("QER", "''", "PPickedItemInsert"), _ f.FormatValue("<UID_QERPickCategory>", ValType.String, True), _ f.FormatValue($XObjectKey$, ValType.String, True) _ )

    • UID_QERPickCategory: Unique identifier of the sample whose sample data is to be generated.

For more information about defining processes, see the One Identity Manager Configuration Guide.

If the Remove items after attestation run option is set in the sample, the sample data will be deleted as soon as an attestation run is completed. This way ensures that the sample always contains only those objects that have been changed since the previous attestation.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating