Chat now with support
Chat with Support

Identity Manager 9.2 - Web Portal User Guide

General tips and getting started Managing reports Requests
Setting up and configuring request functions Requesting products Managing the Saved for Later list Pending requests Displaying request history Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying requests Undoing approvals Managing request inquiries directed at you
Attestation
Managing attestations Pending attestations Displaying attestation history Managing attestation inquiries directed at you
Compliance Managing risk index functions Responsibilities
My responsibilities
Managing my departments Managing my application roles Managing my devices Managing my business roles Managing my identities Managing my cost centers Managing my multi-request resources Managing my multi requestable/unsubscribable resources Managing my resources Managing my software applications Managing my locations Managing my system entitlements Managing my system roles Managing my assignment resources
Managing task delegations Ownerships
Managing data
Managing departments Managing user accounts Managing business roles Managing identities Managing cost centers Managing multi-request resources Managing multi requestable/unsubscribable resources Managing resources Managing locations Managing system entitlements Managing system roles Managing assignment resources
Opening other web applications Managing tickets Appendix: Attestation conditions and approval policies from attestation procedures

Managing my system entitlements' attestation cases

You can use attestation to test the balance between security and compliance within your company. Managers or others responsible for compliance can use One Identity Manager attestation functionality to certify correctness of permissions, requests, or exception approvals either scheduled or on demand. Recertification is the term generally used to describe regular certification of permissions. One Identity Manager uses the same workflows for recertification and attestation.

There are attestation policies defined in One Identity Manager for carrying out attestations. Attestation policies specify which objects are attested when, how often, and by whom.Once an attestation is performed, One Identity Manager creates attestation cases that contain all the necessary information about the attestation objects and the attestor responsible. The attestor checks the attestation objects. They verify the correctness of the data and initiate any changes that need to be made if the data conflicts with internal rules.

Attestation cases record the entire attestation sequence. Each attestation step in an attestation case can be audit-proof reconstructed. Attestations are run regularly using scheduled tasks. You can also trigger single attestations manually.

Attestation is complete when the attestation case has been granted or denied approval. You specify how to deal with granted or denied attestations on a company basis.

Detailed information about this topic

Displaying my system entitlements' attestation cases

You can display attestation cases that involve system entitlements for which you are responsible.

In addition, you can obtain more information about the attestation cases.

To display attestation cases

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. In the navigation, click Identities.

  3. On the System Entitlements page, click the system entitlement whose attestation cases you want to display.

  4. In the Edit System Entitlement pane, click the Attestation tab.

    This displays all the system entitlement's attestation cases.

  5. (Optional) To display more details of an attestation case, click the respective attestation case.

Related topics

Approving and denying my system entitlements' attestation cases

You can grant or deny approval to attestation cases of system entitlements for which you are responsible.

To approve an attestation case

  1. In the menu bar, click Responsibilities > My Responsibilities.

  2. On the System Entitlements page, click the system entitlement whose attestation cases are pending your approval.

  3. In the Edit System Entitlement pane, click the Attestation tab.

  4. On the Attestation tab, click (Filter).

  5. In the filter context menu, select the Pending option.

  6. Perform one of the following actions:

    • To approve an attestation case, select the check box next to the attestation case in the list and click Approve below the list.

    • To deny an attestation case, select the check box next to the attestation case in the list and click Deny below the list.

  7. In the Approve Attestation Case or the Deny Attestation Case pane, perform the following actions:

    1. In the Reason for your decision field, select a standard reason for your approval decision.

    2. In the Additional comments about your decision field, enter extra information about your approval decision.

    TIP: By giving reasons, your approvals are more transparent and support the audit trail.

  8. Click Save.

Related topics

Managing my system roles

System roles combine company resources that must always be assigned to identities together into a single package. Different types of company resources can be grouped into one system role, such as Active Directory groups, software, and resources. System roles can be assigned to user accounts, requested, or inherited through hierarchical roles. Identities and workdesks inherit company resources assigned to the system roles.

You can perform a variety of actions regarding system roles that you manage and gather information about them.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating