With the Active Roles Console, you can export Policy Objects to an XML file and then import them from that file to populate another instance of Active Roles. The export and import operations provide a way to move Policy Objects from a test environment to a production environment.
NOTE: When you export and then import Policy Objects, only policies are transferred. The Policy Object links are not included in the export-import operation. You need to reconfigure them manually after completing the operation.
To export Policy Objects, select them, right-click the selection, and select All Tasks > Export. In the Export Objects dialog, specify the file where you want to save the data, and click Save.
To import Policy Objects, right-click the container where you want to place the Policy Objects, and then click Import. In the Import Directory Objects dialog, select the file to which the Policy Objects were exported, and click Open.
You can delete Policy Objects with the Active Roles Console.
To delete a Policy Object
- In the Console tree, under Configuration > Policies > Administration, locate and select the folder that contains the Policy Object you want to delete.
- In the details pane, right-click the Policy Object, then click Delete.
NOTE: Once a Policy Object is applied within Active Roles to determine policy settings in the directory, the Policy Object cannot be deleted. You can view a list of objects to which the Policy Object is applied: right-click the Policy Object, and click Policy Scope. If you need to delete the Policy Object, first remove all items from the list in the Active Roles Policy Scope dialog.
Property Generation and Validation policies help you automate the configuration of directory object properties. Using these policies, you can:
- Automatically generate default property values for new directory objects (for example, when creating new user accounts or groups).
- Automatically check if the configured property values comply with the specified corporate policy rules.
To set up a policy, you can specify conditions that the property values must meet, and can also determine the default value for each property provisioned with the policy. For example, you can configure a policy to enforce a certain type of telephone number formatting in the contact information properties for your directory.
TIP: Consider the following when planning to configure a Property Generation and Validation policy:
- To help you get started with configuring policy-based administration in your organization, Active Roles includes a set of built-in Policy Objects that offer provisioning and deprovisioning rules for the most typical administrative use cases. To find the built-in Policy Objects, navigate to the following node of the Active Roles Console:
  Configuration > Policies > Administration > Builtin
- If the directory of your organization contains cloud-only Azure objects (Azure users, guest users or contacts), then use the built-in Azure CloudOnly Policy - Default Rules to Generate Properties Policy Object to provision their default properties and accepted values.
NOTE: Policy Object settings specific to Azure cloud-only objects (such as cloud-only Azure users, guest users, or contacts) are available only if your Active Roles deployment is licensed for managing cloud-only Azure objects. Contact One Identity support for more information.
Also, Policy Objects specific to Azure cloud-only objects will work correctly only if an Azure tenant is already configured in the AD of the organization, and Active Roles is already set as a consented Azure application for that Azure tenant. For more information on these settings, see Configuring a new Azure tenant and consenting Active Roles as an Azure application.