Chat now with support
Chat mit Support

Identity Manager On Demand Hosted - Compliance Rules Administration Guide

Compliance rules and identity audit
One Identity Manager users for identity audit Basic data for setting up rules Setting up a rule base rule check Mail templates for notifying about identity auditing
Mitigating controls Configuration parameters for Identity Audit

Specifying scope limits for extended properties

You can subdivide extended properties by specifying scoped limits. You are not obliged to enter scoped limit. If you do enter a lower boundary you are not required to enter an upper one. However, if you specify an upper boundary, you have to enter a lower one.

Take note of the following when defining scoped limits:

  • Basically, any string is permitted as a lower or upper scoped limit.

  • You can use * as a wildcard for any number of characters (even null).

  • Wild cards can only be added to the end of a string, for example, AB*. Strings such as *AB or A*B are not allowed, for example.

  • If you enter a lower boundary without a wildcard, you cannot use a wildcard in the upper boundary.

The following restrictions apply for the length of the string:

  • If you enter a lower and upper boundary without a wildcard, the strings have to be the same length, for example, lower boundary 123/upper boundary 456. A lower boundary of 123 and an upper of 45, for example, is not permitted or a lower boundary 123/upper boundary 4567 is also not allowed.

  • If you use a wildcard in the lower boundary but none in the upper boundary, then the length of the upper boundary string needs to be the same as or bigger than the string in the lower boundary.

  • If you use a wildcard in the lower and upper boundary, they have to be the same length, for example, lower boundary 123*/upper boundary 456*. A lower boundary of 123* and an upper of 45*, for example, is not permitted or a lower boundary 123*/upper boundary 4567* is also not allowed.

Overview of extended properties

Use this task to obtain an overview of the most important information about an extended property. For this you need to take into account the affiliation of the extended property to the different One Identity Manager objects.

To obtain an overview of an extended property

  1. In the Manager, select the Identity Audit > Basic configuration data > Extended properties > <property group> category.

  2. Select the extended property in the result list.

  3. Select the Extended property overview task.

To obtain an overview of a property group

  1. In the Manager, select the Identity Audit > Basic configuration data > Extended properties category.

  2. Select a property group in the result list.

  3. Select the Property group overview task.

Assigning objects to extended properties

You can assign extended properties to company resources, hierarchical roles, and employees.

To assign objects to an extended property

  1. In the Manager, select the Identity Audit > Basic configuration data > Extended properties > <property group> category.

  2. Select the extended property in the result list.

  3. Select the Assign objects task.

  4. In the Table menu, select the required object type.

    The object belonging to the object types are displayed on the form.

  5. In the Add assignments pane, assign objects.

    TIP: In the Remove assignments pane, you can remove object assignments.

    To remove an assignment

    • Select the object and double-click .
  6. Save the changes.

Functional areas

To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to hierarchical roles and service items. You can enter criteria that provide information about risks from rule violations for functional areas and hierarchical roles. To do this, you specify how many rule violations are permitted in a functional area or a role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.

Moreover, functional areas can be replaced by peer group analysis during request approvals or attestation cases.

Example: Use of functional areas

To assess the risk of rule violations for cost centers. Proceed as follows:

  1. Set up functional areas.

  2. Assign cost centers to the functional areas.

  3. Define assessment criteria for the cost centers.

  4. Specify the number of rule violations allowed for the functional area.

  5. Assign compliance rules required for the analysis to the functional area.

  6. Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.

To create or edit a functional area

  1. In the Manager, select the Identity Audit > Basic configuration data > Functional areas category.

  2. In the result list, select a function area and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the function area main data.

  4. Save the changes.

Enter the following data for a functional area.

Table 7: Functional area properties

Property

Description

Functional area

Description of the functional area

Parent Functional area

Parent functional area in a hierarchy.

Select a parent functional area from the list for organizing your functional areas hierarchically.

Max. number of rule violations

List of rule violation valid for this functional area. This value can be evaluated during the rule check.

Description

Text field for additional explanation.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen