Owners of devices are attested by using the Device ownership attestation attestation procedure.
Condition |
Description |
---|---|
All devices |
Attests owners of all the devices. |
Owners of devices are attested by using the Device ownership attestation attestation procedure.
Condition |
Description |
---|---|
All devices |
Attests owners of all the devices. |
Owners of system entitlements are attested by using the System entitlement ownership attestation attestation procedure.
Condition |
Description |
---|---|
All system entitlements |
Attests owners of all system entitlements. |
System entitlements by applications |
Select the applications. Attests system entitlements owners to which the applications are assigned. |
Initial assignments of product owners to system entitlements are attested using the System entitlement ownership attestation (initial) attestation procedure (this means that the system entitlements did not have an product owner beforehand).
Condition |
Description |
---|---|
All system entitlements without owner |
Attests initial assignments of owners to system entitlements that do not have product owners. |
No dynamic groups from Active Roles |
Attests initial assignment of product owners to system entitlements. Dynamic groups are ignored in the process. |
Approval policies |
Description |
---|---|
Attestation of ownership by proposed new owner |
The proposed new product owners can make approval decisions about attestation cases. |
User accounts are attested using the User account attestation attestation procedure.
Condition |
Description |
---|---|
All user accounts |
Attests all user accounts. |
All privileged user accounts |
Attests all privileged user accounts. |
User accounts in the target system |
Select the target systems. Attests user accounts assigned to these target systems. |
User accounts of specific employees |
Select the identities. Attests user accounts assigned to these identities. |
Specific user accounts |
Select the user accounts to attest. Use and to switch between hierarchical and list view. Multi-select is possible. |
User accounts with defined risk index |
|
User accounts with matching name |
Enter part of a name of user accounts with access to attest. All user accounts that have this pattern in their name are included. Example: Per finds "Person", "Personal", "Perfection" and so on. |
User accounts with employees in departments |
Select the departments. Attests user accounts with identities assigned to these departments. Use and to switch between hierarchical and list view. Multi-select is possible. |
User accounts of employees in child departments |
Select the departments. Attests user accounts with identities assigned to these or their child departments. Use and to switch between hierarchical and list view. Multi-select is possible. |
User accounts of employees with matching names |
Enter part of a name of the identities with user accounts to attest. All identities that have this pattern in their name are included. Example: Per finds "Person", "Personal", "Perfection" and so on. |
New or not attested for x days |
Specify a number of days. Attests user accounts that have not been attested for the defined number of days. |
All user accounts not assigned to an identity |
Only attests user accounts not assigned to an identity (so-called orphaned user accounts). |
Linked user accounts |
Attests only user accounts that are assigned these identities. |
Target system type |
Select the target systems types. Attests user accounts in target system of this target system type. |
Approval policies |
Description |
---|---|
Attestation by selected approvers | Click Assign/Change in the Attestors field and then select the identities that can make approval decisions about attestation cases. |
Attestation by target system manager |
Target system managers can be approved through attestation cases. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center