Chat now with support
Chat with Support

Identity Manager 9.3 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Providing terms of use for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation Automatic attestation of policy violations
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by identity awaiting attestation Automatic acceptance of attestation approvals Phases of attestation Attestation by peer group analysis Approval recommendations for attestations Managing attestation cases
Attestation sequence Default attestations Mitigating controls for attestation policies Setting up attestation in a separate database Configuration parameters for attestation

Mitigating controls

Mitigating controls describe controls that are implemented if an attestation rule was violated. The attestation can be approved after the next attestation run, once controls have been applied.

To edit mitigating controls

  • In the Designer, enable the QER | CalculateRiskIndex configuration parameter.

    NOTE: If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Detailed information about this topic

Assigning mitigating controls

Specify which mitigating controls apply to the selected attestation policy.

To assign mitigating controls to an attestation policy

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list.

  3. Select the Assign mitigating controls task.

    In the Add assignments pane, assign the mitigating controls.

    TIP: In the Remove assignments pane, you can remove mitigating control assignments.

    To remove an assignment

    • Select the mitigating control and double-click .

  4. Save the changes.

Creating mitigating controls for attestation policies

To create a mitigating control for attestation policies

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select an attestation policy in the result list.

  3. Select the Assign mitigating controls task.

  4. Select Create mitigating controls task.

  5. Enter the main data of the mitigating control.

  6. Save the changes.

  7. Select the Assign attestation polices task.

  8. In the Add assignments pane, double-click the attestation policies you want to assign.

  9. Save the changes.
Detailed information about this topic

Running attestation for single objects

Use this task to start attestations independently from a schedule. If you run the task, a separate window is opened. Select the objects to be attested now from a list of all attestation objects. The selection is one-off.

The Close obsolete tasks automatically option is not taken into account for the selected attestation objects.

If a sample is assigned to the attestation policy, you can select individual objects from the sampling data. The Remove items after attestation run option is not taken into account; the attestation data is not deleted after the attestation run.

To start attestation for the selected objects

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list. Select the Change main data task.

  3. Select the Run attestation cases for single objects... task.

    This opens a separate window.

  4. In the Attestation column, select every object for which attestation is to be run.

  5. Click Run.

    Attestation cases are generated for the selected attestation objects. As soon as DBQueue Processor has processed the task, you will see the newly created attestation cases in the navigation view under the Attestation runs > <attestation policy> > Attestation runs > <year> > <month> > <day> > Pending attestations menu item.

  6. Click Close.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating