Publish of customized attestation policies on the webPortal

In order to see the 'Attestation Policies' menu you will need to be assigned to one the following program features:
Portal_UI_PolicyStatistics, Portal_UI_PolicyOwner, Portal_UI_PolicyAdmin

Hi Niels, thanks for the answer. I'm able to see the "Attestation Policies" menu, but the problem is that the new custom attestation policy created is not present.

Maybe stale cache issue did you reset IIS?

Set the 'Sample property' on the att. policy in Manager
This text will appear: This attestion policy can only be edited in the Web Portal...

tried both (reset IIS and adding "semple property"), but still the same problem, I keep not seeing it from portal

On my side I can see the custom policy.
User has Portal_UI_QERPolicyAdmin and the policy is only visible after setting the Sample property.
and the policy has to be active not [ ] disabled.

Did you create the custom policy from webPortal or Manager tool?

Did you create the custom policy from webPortal or Manager tool?

Manager

If I create an att. policy in the webPortal on the left side you will see:

Objects to be Attested by this Attestation Policy
Add at least one condition.

Then the WhereClauseMeta@AttestationPolicy is filled as Markus stated
and the policy is visible

query webportal uses: select * from AttestationPolicy where not isnull(WhereClauseMeta, N'') = N'' or not isnull(UID_QERPickCategory, '') = ''

The custom attestation policy I created:

• was created by manager
• has a custom attestation procedure
• has a sample
• has a condition
• has a schedule
• has a manager
• is active
• since it was created by manager, the WhereClauseMeta is empty

In addition, my user has the application role "Attestation/Administrators" so with this inherits the Portal_UI_QERPolicyAdmin program function.

Does your cusom att policy appear as a result when you run the following query?

SELECT xobjectkey
	,UID_AttestationPolicy
	,Ident_AttestationPolicy
	,xmarkedfordeletion
FROM AttestationPolicy
WHERE (
		(
			NOT isnull(WhereClauseMeta, N'') = N''
			OR NOT isnull(UID_QERPickCategory, '') = ''
			)
		AND (
			UID_AttestationObject IN (
				SELECT ao.UID_AttestationObject
				FROM attestationobject ao
				JOIN attestationwizardparm p ON p.uid_attestationobject = ao.uid_attestationobject
				WHERE ao.isdeactivatedbypreprocessor = 0
				)
			)
		)
	AND (isinactive = 0)

no, it does not appear and it seems because it is not in the table "attestationwizardparm". In fact if the join with that table is deleted the attestation appears. When is this table supposed to be populated?

I found this post reply from Markus on how to create and assign an Attestation wizard parameter to your custom attestation procedure.
https://www.oneidentity.com/community/identity-manager/f/forum/27916/creating-attestation-policy-in-web-portal-v8-0-1

Thank you very much! I added the Attestation wizard parameter and attestation is visible on the webPortal!

However, having entered the sample, I could not change the condition and by removing the sample the attestation policy is not displayed on the portal. So in order to get it displayed, I removed the sample but from object browser in the “whereclausemeta” property of the attestation policy I added the reference to the Attestation wizard parameter. In this way the condition is editable, but in the drop-down menu I only get the one from the Attestation wizard parameter and I can't edit it at will. As a reference you can see the default attestation policy “Business role membership attestation” in the condition you can select “All roles” which is the one from the Attestation wizard parameter and then there are other options as well.

Do you know how to set this configuration?

It looks like you will need to insert these 'AttestationWizardParm' entries by hand via the objectbrowser
when you have created a custom 'Attestion procedure'. I could not find a GUI option in the Manager or Web portal.

What you could do is create a copy of an existing 'Attestion procedure'
in the Manager see 'Create copy' task below the 'Attestion procedure'
Then a pop-up windows will ask you: Do you want to copy the Attestation Wizard parameters?

I entered the 'AttestationWizardParm' by hand via the objectbrowser for the custom attestation procedure created and now the attestation is visible on the webPortal. But then from the webPortal, the drop-down menu of the condition type contains only the option setted in the Attestation wizard parameter and I can't edit it as for the others. As a reference you can see the default attestation policy “Business role membership attestation”: in the condition type you can select “All roles” which is the one from the Attestation wizard parameter (reference "Business role membership attestation - All roles) and then there are other options as well. How these other options can be inserted in the condition type of the custom attestation policy?