• System Role Membership Attestation

    I have a question with system role membership attestation. 

    I have a requirement that every 12 months after an Employee is added to a certain system role (PersonHasESet).

    I've  added a condition to only retrieve memberships (PersonHasESet) from the…

  • Azure read only for attestations

    I have a use case for attesting to Azure DirectoryRole assignments. This is the only use case we have for connecting to Azure from OneIM. The customer is hesitant to grant us the permissions of Global Admin as discussed in the OneIM documentation as we should…
  • Problem with button “Deny” in Attestation Workflows.

    When we deny an attestation approval, the product shows the next error:

    We have check if the product doesn’t have the required dll (ATT.CompositionApi.dll), and we have check if the script has any error, but it compiles normally.


    Error executing…

  • Compliance Risk check during attestation


    Hope everyone is having a nice time :)

    I have a query and require assistance.

    We are trying to configure Attestation in the IAM solution(8.0.1).

    In our request workflows we have configured SoD checks using the 'CR - Compliance check simplified'…

  • Attestation mail events are not getting triggered


    We are working on One IM version 8.0 and we have restored our database. But, now attestation mails are not getting triggered. We see that event "DecisionRequired" should get triggered when a new attestation is raised or when a new ITshop request is…

  • Creating Attestation Policy in Web Portal v8.0.1

    So I'm trying to create a custom attestation policy in the web portal and I'm finding that I'm only getting access to the OOB attestation procedures, approval policies, etc.  I cannot select the custom ones I created in Manager.  Is this by…

  • where to check the attestation status for user self-register? Identity manager 7.1.2

     A user self-register triggered a new user attestation , where can check the attestation workflow status for the new user ?Only IT can help check the status for him ?or any other way to check by himself ?

    Please help ........Thanks a ton !!

  • New user attestation approval flow advice OIM 8.0.1

    Hey all,

    So in a scenario where business units across the enterprise have differing hierarchies, I was wondering what your thoughts would be on handling the following.

    1. New person is inserted

      1. Person has direct manager
        1. New user attestation sent to the…
  • How to make attestation as a self service feature


    I want to attestation to be made as self service so that manager can run attestation on the objects. Right now, attestation runs on schedule basis or can be ran from backend (Manager) but I want to make this feature available in front end as well.…

  • New user certification version 8.0

    Hi ,

    I have customized the new user certification process with approval steps.

    In my case where a group of members will create the consultants and they want to check the status, currently consultants line manager can only check.

    Am not sure which permission…

  • Attestation of Application Roles in case of an event

     HI Experts,


    I need to implement an attestation use case where attestation can be triggered on an event. For.e.g. Whenever an entitlement is assigned to a user in a connected endpoint ( like AD) and upon Reconciliation , the entitlement is updated in…

  • User Recertification auto Aborted by system

    Hi All,

    During Attestation certification about 16k Attestation cases were created out of which about 120 were auto closed by the system.

    - These 120 attestations were Aborted with message " #LDS#Automatic system approval:  No approver available.|…

  • Attestation Approval by E-mail Reply (Exchange Online)

    I located the following technical document regarding attestation by e-mail responses, however I'm curious to know if this is possible in environments that do not have on premise Exchange, but have Exchange Online that is synchronized to AD without Identity…

  • Error running attestatino policy:The CancellationTokenSource has been disposed.

    Hi all,


    I'm implementing a button in the Attestation POlicies Settings that run an attestation policy from the web portal using a customizer method.

    But when I try it I get this error: 

    An exception has occurred while executing the form method Popup1_Popup1_ControlRef2_Container6_Button3_Method…
  • Attestation Preview - Add Column


    Can someone tell me where i can make a column view-able in the attestation preview?

    I need to extend the schema and add the template for view.

    Thank you, 


  • How to find Attestors via a script

    I am creating a Membership Attestation for special AD Groups but the Owners (attestors) to those groups is not maintained in AD, it is maintained in ServiceNow.  So, it would be great if I could create a custom approval procedure that could use a script…

  • RE: Excluding disabled/inactive users from Attestation policy.

    Correct your SQL to:

    EXISTS (SELECT 1 FROM (SELECT UID_UNSAccount FROM UNSAccount WHERE AccountDisabled=0) x WHERE x.UID_UNSAccount = UNSAccountInUNSGroupTotal.UID_UNSAccount)


  • RE: Excluding disabled/inactive users from Attestation policy.

    The System entitlement membership attestation does not generate a report during attestation but separate attestation cases for the memberships.

    For that use case my sample works as described. The group owner has only those memberships to attest that are…

  • RE: Excluding disabled/inactive users from Attestation policy.

    Hi Alok,

    you can create your own custom attestation wizard parameter for the System entitlement membership attestation. Please see the screenshot attached for a parameter that would select only enabled users in the attestation.

    The parameter can be combined…

  • RE: Attestation issue: System entitlement membership attestation - Requested group membership found but not removed (disabled)


    you have to configure the automatic removal of the system entitlement memberships accordingly.

    Please take a look in the chapter "Default Attestation and Withdrawal of Entitlements" in the "IdentityManagement.PDF" (page 880ff in 6.1.2).…

  • RE: Error while removing the AD group after attestaion denied by User Manager


    can you please verify that your copied attestation policy is assigned to the ootb attestation procedure "System entitlement membership attestation".

    In 6.1.2 the ootb process VI_Attestation_AttestationCase_AutoRemoveMemberships only works…

  • RE: Formated date value for attestation procedure


    you cannot control the string conversion for the column ExitDate directly.


    You can create a dialog script that is doing the conversion and reference the script in the attestation procedure.

    Script Sample


  • RE: User Manager Attestation Policy- Manager value


    on behalf of my colleague Herwig I'm posting his answer to your question:

    In D1IM not a single person get responsible for a decision, it is always the position which is responsible.  This means if Mr. Doe is my manager he could be responsible for…