Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 9.3 - Company Policies Administration Guide

Company policies in One Identity Manager Defining company policies
Creating and editing company policies Using default company policies Deleting company policies Policy groups Compliance frameworks Schedules for checking policies Company policy attestors Policy supervisors for company policies Exception approvers for policy violations Standard reasons for policy violations Mail templates for company policy notifications
Checking company policies Automatic attestation of policy violations Mitigating controls for company policies General configuration parameter for company policies

Exception approvers for policy violations

Identities that can issue exception approvals for policy violations can be assigned to company policies. To do this, assign an application role for exception approvers to a company policy on the main data form.

A default application role for exception approvers is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Authorization and Authentication Guide.

Table 10: Default application role for exception approvers
User Tasks

Exception approvers

Exception approvers must be assigned to the Identity & Access Governance | Company policies | Exception approvers application role or a child application role.

Users with this application role:

  • Edit policy violations.

  • Can grant exception approval or revoke it.

To add identities to default application roles for exception approvers

  1. In the Manager, select the Company Policies > Basic configuration data > Exception approvers category.

  2. Select the Assign identities task.

  3. In the Add assignments pane, add identities.

    TIP: In the Remove assignments pane, you can remove assigned identities.

    To remove an assignment

    • Select the identity and double-click .

  4. Save the changes.
Related topics

Standard reasons for policy violations

For exception approvals, you can specify reasons in the Web Portal that explain the individual approval decisions. You can freely formulate this text. You also have the option to predefine reasons. The exception approvers can select a suitable text from these standard reasons in the Web Portal and store it with the policy violation.

To create or edit standard reasons

  1. In the Manager, select the Company Policies > Basic configuration data > Standard reasons category.

  2. Select a standard reason in the result list and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the main data of a standard reason.

  4. Save the changes.

Enter the following properties for the standard reason.

Table 11: General main data of a standard reason

Property

Description

Standard reason

Reason text as displayed in the Web Portal.

Description

Text field for additional explanation.

Automatic Approval

Specifies whether the reason text is only used for automatic approvals by One Identity Manager for policy violations. This standard reason cannot be selected by exception approvals in the Web Portal.

Do not set the option if the you want to select the standard reason in the Web Portal.

Additional text required

Specifies whether an additional reason should be entered in free text for the exception approval.

Usage type

Usage type of standard reason. Assign one or more usage types to allow filtering of the standard reasons in the Web Portal.

Related topics

Predefined standard reasons for policy violations

One Identity Manager provides predefined standard reasons. These are added to the policy violation by One Identity Manager during automatic approval. You can use the usage type to specify which standard reasons can be selected in the Web Portal.

To change the usage type

  1. In the Manager, select the Company Policies > Basic configuration data > Standard reasons > Predefined category.

  2. Select the standard reason whose usage type you want to change.

  3. Select the Change main data task.

  4. In the Usage type menu, set all the actions where you want to display the standard reason in the Web Portal.

    Unset all the actions where you do not want to display the default reason.

  5. Save the changes.
Related topics

Mail templates for company policy notifications

One Identity Manager supplies mail templates by default. These mail templates are available in English and German. If you require the mail body in other languages, you can add mail definitions for these languages to the default mail template.

To edit a default mail template

  • In the Manager, select the Company Policies > Basic configuration data > Mail templates > Predefined category.

Related topics
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation