立即与支持人员聊天
与支持团队交流

Identity Manager 9.3 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Providing terms of use for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation Automatic attestation of policy violations
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by identity awaiting attestation Automatic acceptance of attestation approvals Phases of attestation Attestation by peer group analysis Approval recommendations for attestations Managing attestation cases
Attestation sequence Default attestations Mitigating controls for attestation policies Setting up attestation in a separate database Configuration parameters for attestation

Disabling attestation policies

Attestations are run when the schedule assigned to an attestation policy is enabled. You can disabled attestation policies to prevent attestation cases being created for individual attestation policies.

IMPORTANT: All associated attestation cases are deleted. To be able to trace the changes later, configure how the data is logged. For more information, see Deleting attestation cases and the One Identity Manager Configuration Guide.

TIP: Numerous default attestation policies are supplied with One Identity Manager. Check which of the default attestation policies are relevant for your data situation when you set up your database. Disable all unnecessary attestation policies.

To disable an attestation policy

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list and run the Change main data task.

  3. Set Disabled.

  4. Save the changes.
Related topics

Sample attestation

Sample attestation provides a way to limit the set of attestation objects for an attestation. For example, this can be useful if attesting everyone in an audit would take too long. The sampling data can either be generated automatically or compiled manually.

The One Identity Manager provides a standard sample that is used to attest memberships in system entitlements after organizational changes.

Detailed information about this topic

Creating, editing, deleting samples

To be prepare sample attestations:

  • Create samples.

  • Define the sampling data.

  • Assign the samples to the attestation policies that will use them.

To create a sample

  1. In the Manager, select the Attestation > Samples category.

  2. Click in the result list.

  3. Edit the sample's main data.

  4. Save the changes.

To edit a sample

  1. In the Manager, select the Attestation > Samples category.

  2. In the result list, select the sample and run the Change main data task.

  3. Edit the sample's main data.

  4. Save the changes.

To delete a sample

  1. In the Manager, select the Attestation > Samples category.

  2. In the result list, select the sample and click .

  3. Confirm the security prompt with Yes.
Detailed information about this topic

General main data of samples

Enter the following main data of a sample.

Table 12: General main data of a sample

Property

Description

Display name

Name of the sample.

Table

Table that contains the selected sampling data.

Manually selected

Specifies whether the sampling data is manually selected.

Remove items after attestation run

Specifies whether the sampling data is deleted from the sample after each attestation run.

After each attestation of this sample, the sampling data must be regenerated.

The option is not taken into account when attesting individually selected objects.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级