Attestation Inbox Components of Attestation Tasks

Managing Attestation Processes 19-7 At the end of this stage, all the attestation tasks are in the attestation inboxes of the reviewers.

19.1.5.2 Stage 2: Acting on an Attestation Task

When an attestation task is assigned to a reviewer, the reviewer receives an e-mail, and the task is displayed in the reviewers attestation inbox. The reviewer views task details in this inbox. From the task details page, the reviewer provides a response and, if required, a comment for each entitlement. This marks the attestation entitlement detail in the task as Response Provided. If the reviewers response includes delegating the attestation activity for a specific entitlement, then the reviewer must provide a delegated user. Optionally, the reviewer can provide comments explaining why the reviewer is delegating the attestation activity to that user. After the reviewer provides responses to all entitlements, the reviewer can commit their action for the attestation task by submitting all responses. Figure 19–3 Flow of Events When Reviewer Responds to Entitlement At this point, the next stage of the Attestation Business Process begins.

19.1.5.3 Stage 3: Processing a Submitted Attestation Task

The Attestation Task is marked as Submitted. At this point the attestation task is frozen, and cannot be acted on further. For each entitlement in the attestation task, the response is examined by the system. If the response is to either certify or reject, then the provisioned resource instance corresponding to that entitlement is updated accordingly. At the provisioned resource instance level, the last attestation result, the Has response been provided for all entitlements in the task Is the response “Delegate” Reviewer provides a response for an entitlement Save any comments provided as part of the task entitlement detail Enable the “Submit Response” button in the task Mark the task entitlement detail as “Response Provided” Record the response for the task entitlement detail Gather delegate information and comments Save delegate information and comments No Yes Yes 19-8 Oracle Fusion Middleware Users Guide for Oracle Identity Manager time at which last attestation occurred, and who the reviewer was are recorded. If the response is to decline or delegate, then the attestation detail at the provisioned resource level is not changed. The User Attestation Event Occurred task is inserted into the provisioning process of the resource instance. This starts any attestation-driven workflows that may have been defined. Any comments are saved to the notes field of the task. The attestation entitlement detail in the task is marked as Response Submitted. Figure 19–4 shows the flow of events after the attestation task response is submitted. Figure 19–4 Flow of Events After Attestation Task Response Is Submitted The following statistics are updated on the process instance: ■ Number of entitlements certified ■ Number of entitlements rejected ■ Number of entitlements declined ■ Number of entitlements delegated After all entitlements are covered, a subflow for follow-up action is initiated. In this flow, the process examines if the response for any of the entitlements in the task was declined. If there were any such entitlements, then the process sends e-mail to the Process Owner outlining the details of the decline action. Next, the process examines if the response for any of the entitlements in the task was delegated. If there were any such entitlements, then the process identifies all the users that the reviewer selected as delegates and creates an attestation task for each. Each attestation task is only for the entitlements that the reviewer delegated to the user. The delegated user receives e-mail notification about the delegation. Reviewer Commits Attestation Task Responses Task is removed from the Reviewers Attestation Inbox Attestation Workflow if configured is initiated Mark the Attestation Task as “Submitted” What was the reviewer’s response For each entitlement in the task Insert an instance of the appropriate “User Attestation Event Occurred” task into the provisionig process of the provisioned resource instance. Set the appropriate response code and save the comment if any. Mark the task entitlement detail as “Response Submitted” Update the appropriate statistics on the Process Instance Task Follow-Up Sub-Flow Mark the Attestation Task as “Complete” Update the sttestation details state, timestamp, reviewer of the appropriate provisioned resource instance DeclineDelegate CertifyReject