立即与支持人员聊天
与支持团队交流

Identity Manager 9.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Phases of attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Certifying new roles and organizations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Defining reports for attestation

Define attestation reports with the Report Editor. For more information about creating reports with the Report Editor, see the One Identity Manager Configuration Guide.

Note the following when you define a report for attestation:

  • The base table for the report must be identical to the one for the attestation procedure.

  • Enter Attestation as the report category. This ensures that the report is displayed in the Report menu of the attestation procedure.

  • In order to create a report for each attestation object with the information relating exactly to the attestation object, define a ObjectKeyBase parameter for the attestation object in the report. Use the parameters in the data source definition for the report in Condition field.

    Example: XObjectKey = @ObjectKeyBase

Default reports

One Identity Manager supplies some default reports for attestation. These are used in the default attestation procedures, amongst others.

TIP: Default reports cannot be changed. If you want to customize a default report, create a copy and edit it according to your requirements. Then assign the copy to the attestation procedure.

Related topics

Defining snapshot content

If no report is specified in the attestation procedure, the attestors receive all necessary information about the respective attestation object from a snapshot that is generated when the attestation cases are created. The snapshot contains all object properties, the objects referenced by foreign key, and their properties. Therefore, a snapshot can contain a lot of information that is not necessarily required by attestation. Also, if the table containing the attestation objects has a lot of foreign key columns, generating the attestation operations can take a long time.

To speed up creating the snapshots and to limit their content to the required information, in the attestation procedures, it is possible to configure which object properties and object references are included in the snapshots. The contents of snapshots can be limited as follows:

  • Attestation object: descriptive properties only

    Only the descriptive properties of the attestation object itself are included in the snapshot. Referenced objects are not included.

    Descriptive properties include mandatory columns, columns indexed for searching, or columns marked for logging data changes.

  • Object references: only related objects 1-3

    Only the object references specified in the Related objects 1-3 (Template) input fields are included in the snapshot. All other references objects are not included.

    If the option is not set, all references objects are included in the snapshot.

  • Object references: descriptive properties only

    Only the descriptive properties of the referenced objects are included in the snapshot. Foreign keys are not included.

    If the option is disabled, all properties of referenced objects, including all foreign keys and the X columns, are included in the snapshot.

If none of these options is selected, the snapshot contains:

  • All the attestation object properties

  • All objects references by foreign key

  • All properties of the referenced objects

TIP: If the attestation cases are created, the ATT_GetAttestationObject script generated the snapshots for the attestation objects. If properties other than those determined in this way are to be displayed in the Web Portal, you can either override the script on a custom basis or enter a custom education rule in the AttestationCase.ReportContent column.

Related topics

Default attestation procedures

One Identity Manager provides a default approval procedure for default attestation of new users and recertification of all employees stored in the One Identity Manager database. Moreover, default approval procedures are supplied through which the different roles, user accounts, and system entitlements mapped in the Unified Namespace can be attested. Using these default approval policies you can create attestation procedures easily in the Web Portal.

To display default attestation procedures

  • In the Manager, select the Attestation > Basic configuration data > Attestation procedures > Predefined category.

For more information about using default attestation procedures, see the One Identity Manager Web Designer Web Portal User Guide.

Related topics

Additional tasks for attestation procedures

After you have entered the main data, you can run the following tasks.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级