立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation types Attestation procedure Attestation schedules Compliance frameworks Chief approval team Attestation policy owners Standard reasons for attestation Attestation policies Sample attestation Grouping attestation policies Custom mail templates for notifications Suspending attestation Automatic attestation of policy violations
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by identity awaiting attestation Automatic acceptance of attestation approvals Phases of attestation Attestation by peer group analysis Approval recommendations for attestations Managing attestation cases
Attestation sequence Default attestations Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Creating, editing, and deleting adaptive cards for attestations

One Identity Manager provides adaptive cards for requesting attestation in German and English. These can be displayed in the Manager. You can create your own templates for adaptive cards, for example to make changes to the content or to provide adaptive cards in other languages. The recipient's language preferences are taken into account when an adaptive card is generated. If a language cannot be identified or there is no suitable template for the language found, en-US is used as fallback.

To use your own adaptive cards for attestations, configure the ATT_AttestationHelper approve anywhere process accordingly.

To display an adaptive card

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Select the Change main data task.

  4. In the Adaptive card templates menu, select a template.

    This displays the adaptive card's definition in the Template field.

    • To display the entire JSON code, click .

To create an adaptive card.

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. Click in the result list.

  3. Edit the adaptive card's main data.

  4. Create a new template for adaptive cards.

  5. Save the changes.
  6. Create additional language-specific templates for this adaptive card as required and save the changes.

To use your customized adaptive card

  1. In the Designer, edit the ATT_AttestationHelper approve anywhere process.

    1. Select the Send Adaptive Card to Starling Cloud Assistant process step.

    2. Edit the value of the ParameterValue2 parameter and replace the name and UID with the values of your customized adaptive card.

  2. Save the changes.

To delete an adaptive card.

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Click in the result list.

    This deletes the adaptive card and all the templates belonging to it.

Related topics

Creating, editing, and deleting adaptive cards templates for attestations

To use your own adaptive cards or to provide adaptive cards in other languages, create your own adaptive card's templates.

To create an adaptive card template

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. Select the adaptive card in the result list.

  3. Edit the adaptive card's main data.

  4. Next to the Adaptive card templates menu, click .

  5. In the Language menu, select a language for the adaptive card.

    All active languages are shown. To use another language, in the Designer, enable the corresponding countries. For more information, see the One Identity Manager Configuration Guide.

  6. In the Template field, write a definition for the adaptive card.

    • To display the entire JSON code, click .

    You can use the Adaptive Card Designer from Microsoft or the Visual Studio Code plug-in to help.

  7. Save the changes.
  8. In the Designer, check the ATT_CloudAssistant_ApprovalAnywhere script and modify it to suit your requirements.

To edit an adaptive card template

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. In the result list, select the adaptive card whose template you want to edit.

  3. Select the Change main data task.

  4. In the Adaptive card templates menu, select a template.

  5. In the Template field, edit the adaptive card definition.

    • To edit the entire JSON code, click .

  6. Save the changes.

To delete an adaptive card template

  1. In the Manager, select the Attestation > Basic configuration data > Adaptive cards category.

  2. In the result list, select the adaptive card whose template you want to delete.

  3. Edit the adaptive card's main data.

  4. In the Adaptive card templates menu, select the template.

  5. Click next to the menu.

  6. Save the changes.
Related topics

General main data for adaptive cards

Enter the following main data for an adaptive card.

Table 40: Adaptive card main data

Property

Description

Adaptive card

Name of the adaptive card.

Description

Text field for additional explanation.

Disabled

Specifies whether the adaptive card is actively used.

Adaptive card templates

Name of templates to use with this adaptive card.

Language

The template is provided in this language. The recipient's language preferences are taken into account when an adaptive card is generated and a matching template is applied. If a language cannot be identified or there is no suitable template for the language found, en-US is used as fallback.

Template

JSON template of the adaptive card that contains placeholders for Adaptive Cards Templating.

Related topics

Deploying and evaluating adaptive cards for attestations

If an attestor is found in an approval step and this approval step has a mail template allocated to it, the ATT_AttestationHelper approve anywhere process is run. The process is generated if the following conditions are fulfilled:

  • The attestor is registered as the recipient in Starling Cloud Assistant.

  • A default email address is stored for the attestor.

  • The QER | Person | Starling | UseApprovalAnywhere configuration parameter is set.

  • An expiry date is entered in the QER | Person | Starling | UseApprovalAnywhere | SecondsToExpire configuration parameter.

  • The QER | Attestation | MailTemplateIdents | RequestApproverByCollection configuration parameter is not set.

    - OR -

    Always send notification of pending attestations is set on the attestation policy.

The process calls the ATT_CloudAssistant_CreateMessage_AttestationHelper script passing to it the name and UID of the adaptive card to send. The script creates the adaptive card from the JSON template for adaptive cards and the data in the attestation case and then sends it to the attestor. The QER_CloudAssistant_CheckMessage_AttestationHelper script checks if the attestor has sent a response, evaluates the response and updates the attestation case according to the approval decision.

NOTE: If you want to use your own adaptive cards template, check the ATT_CloudAssistant_CreateMessage_AttestationHelper, ATT_CloudAssistant_CreateData_AttestationHelper, and ATT_CloudAssistant_CheckMessage_AttestationHelper scripts and adjust them if necessary to reflect content changes in the template. For more information about overriding scripts, see the One Identity Manager Configuration Guide.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级