Assigning attestation policies
Use this task to assign attestation policies to the selected compliance framework.
To assign attestation policies to a compliance framework
-
In the Manager, select the Attestation > Basic configuration data > Compliance frameworks category.
- Select the compliance framework from the result list.
-
Select the Assign attestation polices task.
Assign the attestation policies in Add assignments.
TIP: In the Remove assignments pane, you can remove attestation policy assignments.
To remove an assignment
- Save the changes.
Chief approval team
Sometimes, approval decisions cannot be made for attestation cases because an attestor is not available or does not have access to One Identity Manager tools. To complete these attestations, you can define a chief approval team whose members are authorized to intervene in the approval process at any time.
There is a default application role in One Identity Manager for the chief approval team. Assign this application role to all identities who are authorized to approve, deny, cancel attestations in special cases, or to authorize other attestors. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.
Table 8: Default application role for chief approval team
Chief approval team |
The chief approver must be assigned to the Identity & Access Governance | Attestation | Chief approval team application role.
Users with this application role:
|
To add members to the chief approval team
-
In the Manager, select the Attestation > Basic configuration data > Chief approval team category.
-
Select the Assign identities task.
In the Add assignments pane, assign the identities who are authorized to approve all attestations.
TIP: In the Remove assignments pane, you can remove assigned identities.
To remove an assignment
- Save the changes.
Detailed information about this topic
Attestation policy owners
Default application roles for attestation policy owners are available in One Identity Manager. These owners are entitled to edit attestation policies. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.
Table 9: Default application roles for attestation policy owners
Attestation policy owners |
Owners of attestation policies must be assigned to a child application role of the Identity & Access Governance | Attestation | Attestation policy owners application role.
Users with this application role:
-
Are responsible for its content and handle the attestation policies assigned to it.
-
Assign the attestation procedure, approval policy, and calculation schedule.
-
Assign approvers, mitigating controls, and compliance frameworks.
-
Monitor attestation cases and attestation runs. |
Direct owners |
Direct owners are all identities assigned to an attestation policy as an Owner (UID_PersonOwner column). Members of this application role are determined through a dynamic role. |
Owner role |
This application role or child application role can be assigned to attestation policies as an Owner (application role) (UID_AERoleOwner column) This allows you to specify groups of identities as owners for attestation policies. Identities are added as members to application roles by direct assignment. |
To add members to the owner role
-
In the Manager, select the Attestation > Basic configuration data > Attestation policy owners > Owner role category.
-
Select the Assign identities task.
In the Add Assignments pane, assign the identities that are allowed to edit an attestation policy.
TIP: In the Remove assignments pane, you can remove the assignment of identities.
To remove an assignment
- Save the changes.
If you want to restrict owners' permissions to individual attestation policies, create child application roles.
To specify an owner role for an attestation policy
-
Log in to the Manager as an attestation administrator (Identity & Access Governance | Attestation | Administrators application role).
-
Select the Attestation > Attestation policies category.
-
Select the attestation policy in the result list.
-
Select the Change main data task.
-
In the Owner (application role) menu, select the owner role.
- OR -
Click next to the menu to create a new application role.
-
Enter the application role name and assign the Identity & Access Governance | Attestation | Attestation policy owners | Owner role parent application role.
-
Click OK to add the new application role.
- Save the changes.
-
Assign identities to this application role who are permitted to edit the attestation policy.
Related topics
Standard reasons for attestation
For attestations, you can specify reasons in the Web Portal that explain the individual approval decisions. You can freely formulate this text. You also have the option to predefine reasons. The attestors can select a suitable text from these standard reasons in the Web Portal and store it with the attestation case.
Standard reasons are displayed in the attestation history.
To create or edit standard reasons
-
In the Manager, select the Attestation > Basic configuration data > Standard reasons category.
-
Select a standard reason in the result list and run the Change main data task.
- OR -
Click in the result list.
-
Edit the main data of a standard reason.
- Save the changes.
Enter the following properties for the standard reason.
Table 10: General main data of a standard reason
Standard reason |
Reason text as displayed in the Web Portal and in the attestation history. |
Description |
Text field for additional explanation. |
Automatic Approval |
Specifies whether the reason text is only used for automatic approvals by One Identity Manager. This standard reason cannot be selected by manual approvals in the Web Portal.
Do not set the option if the you want to select the standard reason in the Web Portal. |
Additional text required |
Specifies whether an additional reason should be entered in free text for the attestation. |
Usage type |
Usage type of standard reason. Assign one or more usage types to allow filtering of the standard reasons in the Web Portal. |
Related topics