立即与支持人员聊天
与支持团队交流

Identity Manager 8.2 - Web Portal User Guide

General tips and getting started Requests
Requesting products Saved for Later list Pending requests Displaying request history Canceling requests Renewing products with limit validity periods Unsubscribing products Displaying approvals Undoing approvals
Attestation Responsibilities Setting up and configuring request functions Appendix: Attestation conditions and approval policies from attestation procedures

Setting up attestation policies

To fulfill new regulation requirements, you can create new attestation policies.

To create a new attestation policy

  1. In the menu bar, click Attestation > Attestation Policies.

  2. On the Attestation Policies page, click Create attestation policy.

  3. In the Create Attestation Policy pane, enter the new attestation policy's main data.

    Table 7: Attestation policy main data

    Property

    Description

    Disabled

    Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Completed attestation cases can be deleted once the attestation policy is disabled.

    Attestation policy

    Enter a name for the attestation policy.

    Description

    Enter a description of the attestation policy.

    Attestation procedure

    Select which objects to attest with this attestation policy.

    NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure.

    Approval policies

    Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available.

    Attestors

    Click Assign/Change and then select the identities that can make approval decisions about attestation cases.

    NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers).

    Calculation schedule

    Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively.

    Time required (days)

    Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0.

    Owner

    Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy.

    Risk index

    Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied.

    Compliance frameworks

    Click Assign/Change and add a compliance framework to use.

    Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. For example, internal requirements or auditing requirements.

    Close obsolete tasks automatically

    Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).

    If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact.

    Approval by multi-factor authentication

    Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication (for example Starling 2FA).

  4. To specify which objects to attest, under Objects To Be Attested by This Attestation Policy, click Add condition.

  5. In the Condition type menu, click the condition type to use (see Appendix: Attestation conditions and approval policies from attestation procedures).

    NOTE: The options available in the Condition type menu depends on which attestation procedure is configured for the attestation policy.
  6. (Optional) Depending on which condition type you have selected, you can filter the selection of objects to attest (see Appendix: Attestation conditions and approval policies from attestation procedures).

  7. (Optional) Create more conditions if required. To do this, click Add another condition.

  8. (Optional) If you have specified more than one condition, you must specify whether one or all of the conditions must be fulfilled by enabling the appropriate option:

    • All conditions must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects fulfilling all of the conditions. If one of the objects to attest does not fulfill a condition, this object is not attested. In addition, use of this option generates a intersecting set of all the individual conditions of the selected objects.

    • At least one condition must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects that fulfill at least one of the conditions. Use of this option generates a superset of all the individual conditions of the selected objects.

  9. Click Create.

Related topics

Editing attestation policies

For example, you can modify attestation policies to include more conditions.

To edit an attestation policy

  1. In the menu bar, click Attestation > Attestation Policies.

  2. On the Attestation Policies page, next to the attestation policy you want to edit, click Edit.

    To view disabled attestation policies, clear the Activated attestation policies only filter. To do this, click next to the filter (Clear filter).

    NOTE: The system contains default attestation policies. These policies can only be edited to a limited degree. If you want to make changes to a default attestation policy, create a copy and edit the copy (see Copying attestation policies).

  3. In the Edit Attestation Policy pane, edit the attestation policy's main data.

    Table 8: Attestation policy main data

    Property

    Description

    Disabled

    Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Completed attestation cases can be deleted once the attestation policy is disabled.

    Attestation policy

    Enter a name for the attestation policy.

    Description

    Enter a description of the attestation policy.

    Attestation procedure

    Select which objects to attest with this attestation policy.

    NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure.

    Approval policies

    Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available.

    Attestors

    Click Assign/Change and then select the identities that can make approval decisions about attestation cases.

    NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers).

    Calculation schedule

    Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively.

    Time required (days)

    Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0.

    Owner

    Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy.

    Risk index

    Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied.

    Compliance frameworks

    Click Assign/Change and add a compliance framework to use.

    Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. For example, internal requirements or auditing requirements.

    Close obsolete tasks automatically

    Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).

    If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact.

    Approval by multi-factor authentication

    Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication (for example Starling 2FA).

  4. To specify which objects to attest, perform one of the following actions:

    • To add a new condition, under Objects To Be Attested by This Attestation Policy click Add another condition.

    • To edit an existing condition, under Objects To Be Attested by This Attestation Policy, click the condition.

    • To delete an existing condition, click (Delete condition).

  5. In the Condition type menu, click the condition type to use (see Appendix: Attestation conditions and approval policies from attestation procedures).

    NOTE: The options available in the Condition type menu depends on which attestation procedure is configured for the attestation policy.
  6. (Optional) Depending on which condition type you have selected, you can filter the selection of objects to attest (see Appendix: Attestation conditions and approval policies from attestation procedures).

  7. (Optional) Create or modify more conditions if required. To do this, click Add another condition.

  8. (Optional) If you have specified more than one condition, you must specify whether one or all of the conditions must be fulfilled by enabling the appropriate option:

    • All conditions must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects fulfilling all of the conditions. If one of the objects to attest does not fulfill a condition, this object is not attested. In addition, use of this option generates a intersecting set of all the individual conditions of the selected objects.

    • At least one condition must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects that fulfill at least one of the conditions. Use of this option generates a superset of all the individual conditions of the selected objects.

  9. Click Save.

Related topics

Copying attestation policies

You can copy existing attestation policies and then edit them. For example, if you want to make changes to a default attestation policy, you can copy it, edit the copy, and then use it.

Copied attestation policies can be deleted again.

To copy an attestation policy

  1. In the menu bar, click Attestation > Attestation Policies.

  2. On the Attestation Policies page, next to the attestation policy you want to copy, click (Actions) > Copy.

    To view disabled attestation policies, clear the Activated attestation policies only filter. To do this, click next to the filter (Clear filter).

  3. In the Copy Attestation Policy pane, edit the attestation policy's main data.

    Table 9: Attestation policy main data

    Property

    Description

    Disabled

    Specify whether the attestation policy is disabled or not. Attestation cases cannot be added to disabled attestation policies and, therefore, no attestation is done. Completed attestation cases can be deleted once the attestation policy is disabled.

    Attestation policy

    Enter a name for the attestation policy.

    Description

    Enter a description of the attestation policy.

    Attestation procedure

    Select which objects to attest with this attestation policy.

    NOTE: The selection of the attestation procedure is crucial. The selected attestation procedure determines, amongst other things, the available options when conditions are added. The available options are modified to match the attestation procedure.

    Approval policies

    Specify who can approve the attestations. Depending on which attestation procedure you selected, different approval policies are available.

    Attestors

    Click Assign/Change and then select the identities that can make approval decisions about attestation cases.

    NOTE: This field is only shown if you have selected an attestation policy in the Attestation policy menu that demands attestation by an approver (for example, Attestation by selected approvers).

    Calculation schedule

    Specify how often an attestation run is started with this attestation policy. Each attestation run creates a new attestation case respectively.

    Time required (days)

    Specify how many days attestors have to make an approval decision about the attestation cases governed by this policy. If you do not want to specify a time, enter 0.

    Owner

    Select the identity that is responsible for this attestation policy. This identity can view and edit the attestation policy.

    Risk index

    Use the slider to define the attestation policy's risk index. This value specifies the risk for the company if attestation for this attestation policy is denied.

    Compliance frameworks

    Click Assign/Change and add a compliance framework to use.

    Compliance frameworks are used for classifying attestation policies, compliance rules, and company policies according to regulatory requirements. For example, internal requirements or auditing requirements.

    Close obsolete tasks automatically

    Specify whether attestation cases pending for this attestation policy are automatically closed if new attestation cases are created (for example, when there is a new attestation run of this attestation policy).

    If an attestation run with this attestation policy is started and the option is set, new attestation cases are created according to the condition. All pending, obsolete attestation cases for newly determined attestation objects of this attestation policy are stopped. Attestation cases for attestation objects that are not recalculated, remain intact.

    Approval by multi-factor authentication

    Specify whether approvals about attestation cases governed by this attestation policy require multifactor authentication (for example Starling 2FA).

  4. To specify which objects to attest, perform one of the following actions:

    • To add a new condition, under Objects To Be Attested by This Attestation Policy click Add another condition.

    • To edit an existing condition, under Objects To Be Attested by This Attestation Policy, click the condition.

    • To delete an existing condition, click (Delete condition).

  5. In the Condition type menu, click the condition type to use (see Appendix: Attestation conditions and approval policies from attestation procedures).

    NOTE: The options available in the Condition type menu depends on which attestation procedure is configured for the attestation policy.
  6. (Optional) Depending on which condition type you have selected, you can filter the selection of objects to attest (see Appendix: Attestation conditions and approval policies from attestation procedures).

  7. (Optional) Create or modify more conditions if required. To do this, click Add another condition.

  8. (Optional) If you have specified more than one condition, you must specify whether one or all of the conditions must be fulfilled by enabling the appropriate option:

    • All conditions must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects fulfilling all of the conditions. If one of the objects to attest does not fulfill a condition, this object is not attested. In addition, use of this option generates a intersecting set of all the individual conditions of the selected objects.

    • At least one condition must be fulfilled: The next time the attestation policy is run, new attestation cases are added for all objects that fulfill at least one of the conditions. Use of this option generates a superset of all the individual conditions of the selected objects.

  9. Click Create.

Related topics

Deleting attestation policies

You can delete attestation policies that are not used anymore.

NOTE: You can only delete attestation policies if no attestation cases are associated with it anymore.

To delete an attestation policy

  1. In the menu bar, click Attestation > Attestation Policies.

  2. (Optional) To display disabled attestation policies, clear the Activated attestation policies only filter on the Attestation Policies page. To do this, click next to the filter (Clear filter).

  3. On the Manage Attestation Policies page, click (Actions) > Delete next to the attestation policy you want to delete.

  4. In the Delete attestation policy dialog, confirm the prompt with OK.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级