# Attestation Tracking

**Attestation** tracking allows you to monitor who has requested access to particular [**Access Entities**](https://docs.yansalabs.com/okta-orchestrator/technical-docs/access-provisioning/access-entities), the status of that access, and when/if that access will be recertified or removed.

Attestations provide a granular view of a user's lifecycle with an Access Entity. Auditing and automatically recertifying access using Attestations is crucial to monitoring user access in an organization and ensuring that costly license entitlements are appropriately allotted.

{% hint style="info" %}
Attestations are configured on each [**Access Entity**](https://docs.yansalabs.com/okta-orchestrator/technical-docs/access-provisioning/access-entities) record. All active and expired Attestations can always be viewed at **Okta Orchestrator -> Attestation -> Attestations** in the left nav.
{% endhint %}

<figure><img src="https://1098786861-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1sA7VHpQEOTNsE9pk1jN%2Fuploads%2FfrZyIbTvP8zPG2u7SuSz%2F133.jpg?alt=media&#x26;token=4da8a778-c997-4f12-b854-e32fb2200f89" alt=""><figcaption><p>Attestation</p></figcaption></figure>

* **Access entity**: [**Access Entity**](https://docs.yansalabs.com/okta-orchestrator/technical-docs/access-provisioning/access-entities) to which the Attestation is associated
* **Assigned to**: User who requested access
* **State**: Current status of the Attestation
* **Recertification date**: Date on which the Attestation was (or will be) recertified
* **Forced expiration**: When enabled, no recertification of the attestation is possible - access will be automatically revoked on the Recertification date
* **Parent**: This is either the initial request (RITM) that spawned the Attestation, or the previous Attestation that has spawned a renewal