Attestation escalation – Approvals (page description)
To open the Attestation Escalation Approval – Approvals page go to Attestation > Escalation > Click an attestation policy > Make approval decision > Next.
After you have made your approval decisions on the Attestation Escalation Approvals page, you can save the approval decisions on the Pending Attestation Approval – Approvals page so that they take effect. You can also enter reason for the approval decisions here. For more information, see Granting or denying escalated attestation cases.
The following tables give you an overview of the various features and content on the Attestation Escalation Approval – Approvals page.
Table 233: Controls
Reason for approvals |
Enter a reason for all approved attestations here. |
Standard reason |
Here you can select one of the standard reasons saved in the system for all approved attestations. |
Reason for denials |
Enter a reason for all denied attestations here. |
Standard reason |
Here you can select one of the standard reasons saved in the system for all denied attestations. |
Save |
Use this button to save all the settings and approval decisions. |
Back |
Use this button to switch to the previous page. For example, to approve other attestations. |
Table 234: Columns
Display name |
Shows you the name of the object to be attested. |
Attestation policy |
Shows the name of the attestation policy in use. |
Due date |
Shows by when the attestation case must be completed. |
Risk index |
Show the attestation case's risk index. |
Reason |
Here you can enter a reason for the decision. To do this, click on the button and, in the dialog, enter a reason or select one of the standard reasons. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
Compliance (Menu description)
Companies have different requirements that they need for regulating internal and external identities' access to company resources. On the one hand, rule checks are used for locating rule violations and on the other hand, to prevent them. By using these rules, you can demonstrate compliance with legislated regulations such as the Sarbanes-Oxley Act (SOX). The following demands are made on compliance:
-
Compliance rules define what an employee is entitled to do or not do. For example, an identity may not have both entitlements A and B at the same time.
-
Company policies are very flexible, and can be defined for any company resources you are managing with Manager. For example, a policy might only allow identities from a certain department to own a certain entitlement.
-
Each item that an identity access can be given a risk value. A risk index can be calculated for identities, accounts, organization, roles, and for the groups of resources available for request. You can then use the risk indexes to help prioritize your compliance activities.
Some rules are preventative. For example, a request will not be processed if it violates the rules, unless exception approval is explicitly granted and an approver allows it. Compliance rules (if appropriate) and company policies are run on a regular schedule and violations appear in the identity’s Web Portal to be dealt with there. Company policies can contribute to mitigation control by reducing risk. For example, if risks are posed by identities running processes outside the One Identity Manager solution and causing violations. Reports and dashboards provide you with comprehensive compliance information. For more information, see What statistics are available?.
You can use items on the Compliance menu to perform various actions and collect information. The following tables provide you with an overview of the menu items and actions that can be run here.
My actions (page description)
To open the My Actions page go to Compliance > My Actions.
On the My Actions page, you can perform various actions regarding compliance.
To do this, click on one of the tiles:
Pending rule violations (page description)
To open the Pending Rule Violations page go to Compliance > My Actions > Pending Rule Violations.
On the Pending Rule Violations page, you can:
TIP If you are an auditor or an approver, you can obtain more information about exception approvals from Auditing menu.
The following tables give you an overview of the various features and content on the Pending Rule Violations page.
Table 238: Controls in the details pane of a rule violation
Valid until |
You can use this option to define until when this approval decision is valid (see Granting and denying rule violation exceptions). |
Resolve |
Use this button to resolve the rule violation. When resolving the rule violation, you have the option of removing individual entitlements (see Resolving rule violations). |
Table 239: Columns
Employee |
Shows you the name of the identity that violated the rule. |
Rule violation |
Shows you the name of the violated rule. |
Approval state |
Shows you what status the rule violation currently has.
The following status' are possible:
-
Approval decision pending: The rule violation has yet to be decided.
-
Exception granted: The exception was approved. In the details pane, on the Rule violation tab, you can see why the exception was granted approval.
-
Exception denied: The exception was denied. In the details pane, on the Rule violation tab, you can see why the exception was denied approval. |
Risk index (reduced) |
Shows you the risk index reduced by the mitigating control. |
Approval |
Use these two buttons to make an approval decision about the attestation case.
TIP: If you have made all your approval decisions, click Next to open an overview page and save all the approvals. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
TIP: On the following tabs, you can show other useful information about each rule violation in the pane. To do this, click the corresponding entry in the list.