Chat now with support
Chat with Support

Identity Manager 9.3 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Providing terms of use for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation Automatic attestation of policy violations
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by identity awaiting attestation Automatic acceptance of attestation approvals Phases of attestation Attestation by peer group analysis Approval recommendations for attestations Managing attestation cases
Attestation sequence Default attestations Mitigating controls for attestation policies Setting up attestation in a separate database Configuration parameters for attestation

General main data for adaptive cards

Enter the following main data for an adaptive card.

Table 39: Adaptive card main data

Property

Description

Adaptive card

Name of the adaptive card.

Description

Text field for additional explanation.

Disabled

Specifies whether the adaptive card is actively used.

Adaptive card templates

Name of templates to use with this adaptive card.

Language

The template is provided in this language. The recipient's language preferences are taken into account when an adaptive card is generated and a matching template is applied. If a language cannot be identified or there is no suitable template for the language found, en-US is used as fallback.

Template

JSON template of the adaptive card that contains placeholders for Adaptive Cards Templating.

Related topics

Deploying and evaluating adaptive cards for attestations

If an attestor is found in an approval step and this approval step has a mail template allocated to it, the ATT_AttestationHelper approve anywhere process is run. The process is generated if the following conditions are fulfilled:

  • The attestor is registered as the recipient in Starling Cloud Assistant.

  • A default email address is stored for the attestor.

  • The QER | Person | Starling | UseApprovalAnywhere configuration parameter is set.

  • An expiry date is entered in the QER | Person | Starling | UseApprovalAnywhere | SecondsToExpire configuration parameter.

  • The QER | Attestation | MailTemplateIdents | RequestApproverByCollection configuration parameter is not set.

    - OR -

    Always send notification of pending attestations is set on the attestation policy.

The process calls the ATT_CloudAssistant_CreateMessage_AttestationHelper script passing to it the name and UID of the adaptive card to send. The script creates the adaptive card from the JSON template for adaptive cards and the data in the attestation case and then sends it to the attestor. The QER_CloudAssistant_CheckMessage_AttestationHelper script checks if the attestor has sent a response, evaluates the response and updates the attestation case according to the approval decision.

NOTE: If you want to use your own adaptive cards template, check the ATT_CloudAssistant_CreateMessage_AttestationHelper, ATT_CloudAssistant_CreateData_AttestationHelper, and ATT_CloudAssistant_CheckMessage_AttestationHelper scripts and adjust them if necessary to reflect content changes in the template. For more information about overriding scripts, see the One Identity Manager Configuration Guide.

Related topics

Disabling adaptive cards

Adaptive cards that are not used can be disabled.

To disable an adaptive card

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Select the Change main data task.

  4. Set Disabled.

  5. Save the changes.
Related topics

Approving attestation cases in the Manager

In the Manager, the Attestation cases report is available for attestors. Attestors can use this report to make approval decisions about attestation cases.

To approve an attestation case in the Manager

  1. In the Manager, select the Identities > Identities category.

  2. Select the identity in the result list.

  3. Select the Attestation cases report.

  4. Select the Pending attestation cases tab.

  5. If a report has been defined for the attestation case, you can view it using the button in the View report column.

  6. Select the attestation case and enable the Approve or the Deny option in the list.

  7. Enter the Reason for decision or select a Standard reason.

  8. Click Carry out approval.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating