Chat now with support
Chat mit Support

Identity Manager 8.1.5 - Compliance Rules Administration Guide

Compliance rules and identity audit
One Identity Manager users for identity audit Basic data for setting up rules Setting up a rule base rule check Creating custom mail templates for notifications
Mitigating controls Configuration parameters for Identity Audit

Assign objects

You can assign extended properties to company resources, hierarchical roles, and employees.

To assign objects to an extended property

  1. In the Manager, select the Identity Audit | Basic configuration data | Extended properties | <property group> category.

  2. Select the extended property in the result list.

  3. Select the Assign objects task.

  4. Select the desired object type in the Select object type menu.

    The object belonging to the object types are displayed on the form.

  5. In the Add assignments pane, assign objects.

    - OR -

    In the Remove assignments pane, remove objects.

  6. Save the changes.

Assigning property groups

Each extended property must be assigned to at least one property group. Furthermore, you can assign the extended properties to any other property groups.

To assign an extended property to a property group

  1. In the Manager, select the Identity Audit | Basic configuration data | Extended properties | <property group> category.

  2. Select the extended property in the result list.

  3. Select the Assign property groups task.

  4. In the Add assignments pane, assign property groups.

    - OR -

    In the Remove assignments pane, remove property groups.

  5. Save the changes.

Functional areas

To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to hierarchical roles and service items. You can enter criteria that provide information about risks from rule violations for functional areas and hierarchical roles. To do this, you specify how many rule violations are permitted in a functional area or a role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.

Example for using functional areas are:

To assess the risk of rule violations for cost centers. Proceed as follows:

  1. Set up functional areas.

  2. Assign cost centers to the functional areas.

  3. Define assessment criteria for the cost centers.

  4. Specify the number of rule violations allowed for the functional area.

  5. Assign compliance rules required for the analysis to the functional area.

  6. Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.

To edit functional areas

  1. In the Manager, select the Identity Audit | Basic configuration data | Functional areas category.
  2. In the result list, select a function area and run the Change master data task.

    - OR -

    Click in the result list.

  3. Edit the function area master data.

  4. Save the changes.

Enter the following data for a functional area.

Table 8: Functional area properties

Property

Description

Functional area

Description of the functional area

Parent Functional area

Parent functional area in a hierarchy.

Select a parent functional area from the list in order to organize your functional areas hierarchically.

Max. number of rule violations

List of rule violation valid for this functional area. This value can be evaluated during the rule check.

Description

Text field for additional explanation.

Attestors

Installed modules: Attestation Module

Employees that can be used to attest attestation procedures can be assigned to compliance rules. Assign an application role for attestors to the compliance rules. Assign employees to this application role that are authorized to attest compliance rules.

A default application role for attestors is available in One Identity Manager. You may create other application roles as required. For detailed information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 9: Default application roles for attestors
User Tasks

Attestors for Identity Audit

Attestors must be assigned to the Identity & Access Governance | Identity Audit | Attestors application role.

Users with this application role:

  • Attest compliance rules and exception approvals in the Web Portal for which they are responsible.
  • Can view master data for these compliance rules but not edit them.
NOTE: This application role is available if the module Attestation Module is installed.

To edit attestors

  1. Select the Identity Audit | Basic configuration data | Attestors category.
  2. Select the Change master data task.

    - OR -

    Select an application role in the result list. Select the Change master data task.

    - OR -

    Click in the result list.

  3. Edit the application role's master data.
    Property Value
    Parent application role Assign the application role Identity & Access Governance | Identity Audit | Attestors or a child application role.
  4. Save the changes.
  5. Select the Assign employees task, to add members to the application role.
  6. In the Add assignments pane, assign employees.

    - OR -

    In the Remove assignments pane, remove employees.

  7. Save the changes.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen