Memberships in application roles are attested using the Application role membership attestation attestation procedure.
Condition |
Description |
---|---|
All roles |
Attests memberships in all applications roles. |
Application roles with matching name |
Enter part of a name of application roles with primary memberships to attest. All application roles that have this pattern in their name are included. Example: Per finds "Person", "Personal", "Perfection" and so on. |
Attesting by attestation status |
Select an attestation status You can select the follow status:
|
Specific identities |
Select the identities. |
Specific identities with subidentities. |
Select the identities. |
Specific roles |
Select the application roles. Attests memberships in these application roles. Use and to switch between hierarchical and list view. Multi-select is possible. |
New or not attested for x days |
Specify a number of days. |
Roles by assignment type |
Select how memberships in application roles must be assigned to enable attestation:
|
Approval policies |
Description |
---|---|
Attestation by selected approvers with automatic removal of assignments |
In the Attestors field, click Select/Change and select the identities that can make approval decisions about attestation cases. Memberships are deleted if attestation is denied and the configuration fits. |