One Identity Manager provides default attestation policies for default attestation of new users and recertification of all identities stored in the One Identity Manager database. In addition to this, default attestation policies are provided through which various roles, memberships in roles, user accounts, and system entitlements mapped in the Unified Namespace can be attested.
To display default attestation policies
-
In the Manager, select the Attestation > Attestation policies > Predefined category.
You can customize the following properties for default attestation policies:
-
Approval policies (if several approval policies can be assigned)
-
Owner
-
Processing time
-
Risk index
-
Calculation schedule
-
Deactivated
-
Close obsolete tasks automatically
-
Obsolete tasks limit
-
Reason for decision
-
Condition
NOTE: You can edit attestation policies, whose condition is stored as a definition (XML), in the Web Portal. The definition (XML) cannot be edited in the Manager. For more information, see the One Identity Manager Web Designer Web Portal User Guide.