立即与支持人员聊天

获得即时帮助
完成注册

登录

请求定价

联系销售人员

Identity Manager 9.3 - Attestation Administration Guide

Attestation and recertification

One Identity Manager users for attestation Attestation base data Attestation types

Default attestation types Additional tasks for attestation types

Overview of the attestation type Assigning attestation procedures

Attestation procedure

General main data of an attestation procedure Templates for attestation procedures Providing information about attestation objects

Defining reports for attestation Defining snapshot content

Default attestation procedures Additional tasks for attestation procedures

Overview of the attestation procedure Assigning approval policies to attestation procedures Creating a copy

Attestation schedules

Default schedules Assigning attestation policies Assigning policy collections Schedule overview Starting schedules immediately

Compliance frameworks

Additional tasks for compliance frameworks

Compliance framework overview Assigning attestation policies

Chief approval team Attestation policy owners Standard reasons for attestation

Predefined standard reasons for attestations

Providing terms of use for attestation

Assigning files to terms of use Displaying the terms of use overview

Attestation policies

General main data of attestation policies Specifying risk indexes for attestation guidelines Default attestation policies Additional tasks for attestation policies

The attestation policy overview Assigning approvers to attestation policies Assigning compliance frameworks to attestation policies Mitigating controls

Assigning mitigating controls Creating mitigating controls for attestation policies

Running attestation for single objects Showing or hiding conditions Copy attestation policies Showing selected objects Deleting attestation policies

Disabling attestation policies

Sample attestation

Creating, editing, deleting samples General main data of samples Managing sampling data Generating sampling data automatically Using samples with attestation policies Displaying the sample overview Default sample for attesting memberships in system entitlements Default sample for attesting identities

Grouping attestation policies

Creating and editing policy collections General main data of policy collections Assigning policy collections to attestation policies Disabling policy collections Deleting policy collections Default policy collections

Custom mail templates for notifications

Creating and editing attestation mail templates General properties of a mail template Creating and editing a mail definition

Using base object properties Use of hyperlinks in the Web Portal

Default functions for creating hyperlinks

Customizing email signatures

Copying mail templates for attestation Displaying attestation mail templates previews Deleting mail templates for attestation Custom notification processes

Suspending attestation Automatic attestation of policy violations

Approval processes for attestation cases

Approval policies for attestations

General main data of approval policies Default approval policies Editing approval workflows Validity checking Copying approval policies

Approval workflow for attestations

Working with the Workflow Editor Setting up approval workflows

Editing approval levels Editing approval steps Properties of an approval step Connecting approval levels

Copying approval workflows Deleting approval workflows The approval workflow overview Default approval workflows

Selecting attestors

Default approval procedures

Determining attestors via attestation objects Determining attestors via the primary role of the identity to attest Determining attestors using the service item of the attestation object Determining attestors via attestation object managers Determining managers or members of a role as attestors Determining attested identities as attestors Determining identities linked to user accounts as attestors Determining target system managers as attestors Determining attestors via product owners Determining attestors via owners of the attestation objects Determining owners or approvers of attestation policies Calculated approval Approvals to be made externally Waiting for further approval

Setting up approval procedures

General main data of an approval procedure Queries for finding attestors Specifying permitted approval procedures for tables

Overview of approval procedures Copying an approval procedure Deleting approval procedures Determining the responsible attestors

Setting up multi-factor authentication for attestation Prevent attestation by identity awaiting attestation Automatic acceptance of attestation approvals Phases of attestation

Setting up the staging phase Criteria for the Staging phase Setting up the challenge phase Setting up withdrawal of entitlements

Attestation by peer group analysis

Configuring peer group analysis for attestations

Approval recommendations for attestations

Criteria for approval recommendations for attestation Configuring approval recommendations for attestation

Managing attestation cases

Getting more information Appointing other attestors Escalating an attestation case Attestors cannot be established Automatic approval on timeout Halting an attestation case on timeout Attesting by chief approval team

Attestation sequence

Starting attestation Attestation case overview Approval sequence Attestation history Modifying approval workflows for pending attestation cases Closing attestation cases for deactivated identities Deleting attestation cases Notifications in the attestation case

Requesting attestation Reminding attestors Scheduling attestation requests Reminding attestors about attestation objects Granting or denying attestation cases Notifying delegates Canceling attestation cases Escalation of attestation cases Delegating attestations Rejecting approvals Notifications with questions Notifications from additional attestors Link for verifying new external users Default mail templates

Attestation by mail

Processing attestation mails

Adaptive cards attestation

Using adaptive cards for attestations Adding and deleting recipients and channels Creating, editing, and deleting adaptive cards for attestations Creating, editing, and deleting adaptive cards templates for attestations General main data for adaptive cards Deploying and evaluating adaptive cards for attestations Disabling adaptive cards

Approving attestation cases in the Manager Displaying attestation cases of an attestor Displaying information about attestation objects Assigning extended properties to attestation cases Displaying incomplete attestation runs Canceling incomplete attestation runs Displaying canceled attestation runs Reports about attestations

Default attestations

Configuring withdrawal of entitlements

Attesting system entitlements System role attestation Application role attestation Business role attestation

Configuring sample attestation of identities and their entitlements User attestation and recertification

One Identity Manager users for attesting and recertifying users Configuring user attestation and recertification Attesting new users

Self-registration of new users in the Web Portal Adding new identities using a manager or administrator for identities Importing new identity main data Scheduled attestation Limiting attestation objects for certification

Recertifying existing users

Preparing for recertification The recertification sequence Limiting attestation objects for recertification

Certifying new roles and organizations

One Identity Manager users for certifying roles and organizations Configuring certification of new departments Configuring certification of new cost centers Configuring certification of new locations Configuring certification of new business roles Configuring certification of new application roles

Mitigating controls for attestation policies

General main data of mitigating controls Additional tasks for mitigating controls

Mitigating controls overview Assigning attestation policies

Calculating mitigating controls for attestation policies

Setting up attestation in a separate database

Requirements for the central database Setting up work databases Setting up synchronization between central and work databases Setting up and running attestations in the work database

Configuration parameters for attestation

Managing sampling data

Sampling data can either be generated automatically or compiled manually. To set sampling data manually, assign sampling items to the samples.

To assign sampling items manually

In the Manager, select the Attestation > Samples > Manually selected category.
Select the sample in the result list.
Select the Assign sampling items task.

In the Add assignments pane, assign sampling items.
TIP: In the Remove assignments pane, you can remove the assigned sampling items.

To remove an assignment
- Select the sampling item and double-click .
Save the changes.

To display sampling items for automatically selected samples

In the Manager, select the Attestation > Samples > Automatically selected category.
Select the sample in the result list.
Select the Assign sampling items task.

Related topics

Generating sampling data automatically

One Identity Manager distinguishes between manual sampling and automatic sampling. Automatic sampling can trigger the generation of sampling data as follows:

Event-based: All modified objects of an object class (table from which the sampling data is selected) are calculated.

Example: All user accounts whose risk index has increased since the previous attestation.

For the Monthly organizational changes of identities default sample, the sampling data are generated event-based.

Prerequisite

In the sample, the Manually selected option is disabled.

To generate sampling data for an event-based sample

In the Designer, create a process that is generated when changes are made to the table given in the sample. Use the Execute SQL process task from the SQLComponent process component.

Determine the value of the SQLStmt parameter with the following query:

Dim f As ISqlFormatter = Connection.SqlFormatter

Value = f.StoredProcedure(New SQLFunction("QER", "''", "PPickedItemInsert"), _

    f.FormatValue("<UID_QERPickCategory>", ValType.String, True), _

    f.FormatValue($XObjectKey$, ValType.String, True) _

    )

UID_QERPickCategory: Unique identifier of the sample whose sampling data is to be generated.

For more information about defining processes, see the One Identity Manager Configuration Guide.

If the Remove items after attestation run option is set in the sample, the sampling data will be deleted as soon as an attestation run is completed. This way ensures that the sample always contains only those objects that have been changed since the previous attestation.

Related topics

Using samples with attestation policies

To use sampling for attestation, assign a sample to the appropriate attestation policies. A sample can only be assigned to exactly one attestation policy.

To assign a sample to an attestation policy

In the Manager, select the Attestation > Attestation policies category.
Select an attestation policy in the result list and run the Change main data task.
In the Sample drop-down, select a sample.
- To create a new sample, click . Enter the name of the sample and assign the table from which to take the data for the sample.
Save the changes.

Related topics

Displaying the sample overview

You can display the most important information about a sample on the overview form. You can display the attestation policy that is used with sample.

To obtain an overview of a sample

In the Manager, select the Attestation > Samples category.
Select the sample in the result list.
Select the Sample oerview task .

Related topics

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级

© 2025 One Identity LLC. ALL RIGHTS RESERVED. 使用条款隐私 Cookie Preference Center