Company policies that are violated generate policy violations. Policy violations may be approved as an exception.
General tips and getting started
Logging in and out
Navigation and use
Displaying the address book
Changing the user interface theme
Managing password questions
Changing passwords
Editing your profile information
Switching languages
Enabling/disabling email notifications
Report subscriptions management
Managing reports
Requests
Subscribing to reports
Editing report subscriptions
Sending reports from report subscriptions
Unsubscribing reports
The user interface layout
Setting up and configuring request functions
Attestation
Managing shops
Requesting products
Displaying shops
Creating shops
Editing shops
Managing service categories
Editing shop details
Managing shop shelves
Manage access to requestable products in Shops
Managing requestable products in shops
Deleting shops
Displaying service categories
Creating service categories
Editing service categories
Deleting service categories
Managing service items
Managing product bundles
Adding products to the shopping cart
Managing products in the shopping cart
Managing the Saved for Later list
Displaying the shopping cart
Removing products from the shopping cart
Setting the validity period of products in your shopping cart
Specifying the priority of products in your shopping cart
Giving reasons for requests
Checking the shopping cart
Requesting products in the shopping cart for multiple identities
Deleting shopping carts
Submitting requests
Requesting for other identities or subidentities
Displaying and requesting other identity’s products
Requesting using product bundles
Requesting privileged access
Requests for Active Directory groups
Requesting new Active Directory groups
Requesting changes to Active Directory groups
Requesting deletion of Active Directory groups
Requesting new SharePoint groups
Saving products for later
Displaying Saved for Later list
Requesting products on the Saved for Later list
Removing products from the Saved for Later list
Deleting the Saved for Later list
Pending requests
Displaying pending requests
Displaying request history
Canceling requests
Renewing products with limit validity periods
Unsubscribing products
Displaying requests
Undoing approvals
Managing request inquiries directed at you
Displaying pending request history
Displaying pending request entitlements
Displaying rule violations of pending requests
Approving and denying requests
Decision guidance for request approvals
Approving pending requests from newly created Active Directory groups
Approving pending requests from newly created SharePoint groups
Approving new managers' pending requests
Appointing other approvers for pending requests
Rerouting approvals of pending requests
Appointing additional approvers to pending requests
Delegating approvals of pending requests to other identities
Escalating approvals of pending requests
Rejecting request approval
Managing inquiries about pending requests
Managing attestations
Compliance
Attestation policy settings
Pending attestations
Displaying attestation policies
Displaying attestation policy reports
Setting up attestation policies
Editing attestation policies
Copying attestation policies
Deleting attestation policies
Starting attestation
Running sample attestations
Managing attestation runs
Displaying attestation policy runs
Attestation by peer group analysis
Managing samples
Sending attestation reminders
Grouping attestation policies (using policy collections)
Displaying attestors of application runs
Displaying attestation cases of application runs
Displaying attestation run reports
Extending attestation runs
Displaying pending attestation cases
Approving or denying attestation cases
Appointing other approvers for pending attestation cases
Displaying attestation history
Managing attestation inquiries directed at you
Rerouting approvals of pending attestation cases
Appointing additional approvers to pending attestation cases
Delegating approvals of pending attestation cases to other identities
Rejecting approval of attestation cases
Managing inquiries about pending attestation cases
Managing compliance rules
Managing risk index functions
Displaying compliance rules
Managing company policies
Displaying rule violations of compliance rules
Displaying mitigating controls of compliance rules
Displaying compliance rule statistics
Displaying compliance rule hyperviews
Displaying reports about compliance rules and rule violations
Check compliance rules and find rule violations
Managing rule violations
Displaying risk index functions
Editing risk index functions
Disabling/enabling risk index functions
Starting risk index calculation manually
Responsibilities
My responsibilities
Managing data
Managing my departments
Managing task delegations
Ownerships
Displaying my departments
Creating your own departments
Displaying and editing my department main data
Copying/splitting my departments
Comparing and merging my departments
Restoring my departments to their previous state
Managing my department memberships
Managing my application roles
Displaying memberships in my departments
Analyzing assignments to my departments
Adding identities to my departments
Removing identities from my departments
Managing my departments' entitlements
Displaying my department entitlements
Adding entitlements to my departments
Deleting my department entitlements
Displaying my departments' rule violations
My departments' history
Displaying my department history
Displaying the status overview of my departments
Comparing statuses of my departments
Restoring my deleted departments
Displaying my application roles
Creating your own application roles
Displaying and editing my application roles' main data
Restoring my application roles to their previous state
Managing my application role memberships
Managing my devices
Displaying memberships in my application roles
Analyzing assignments to my application roles
Assigning identities to my application roles
Removing identities from my application roles
Displaying my application roles' rule violations
My application roles' history
Displaying my devices
Creating your own devices
Displaying and editing my devices' main data
Deleting your own devices
Managing my business roles
Displaying my business roles
Creating your own business roles
Displaying and editing my business roles' main data
Copying/splitting my business roles
Comparing and merging my business roles
Restoring my business roles to their previous state
Managing my business role memberships
Managing my identities
Displaying my business roles' memberships
Analyzing assignments to my business roles
Assigning identities to my business roles
Removing identities from my business roles
Managing my business roles' entitlements
Displaying my business roles' entitlements
Adding entitlements to my business roles
Deleting my business roles' entitlements
Displaying my business roles' rule violations
My business roles' history
Displaying my business roles' history
Displaying the status overview of my business roles
Comparing statuses of my business roles
Restoring my deleted business roles
Displaying my identities
Creating your own identities
Comparing my identities
Displaying and editing my identities' main data
Displaying my identities' risk indexes
Deactivating my identities
Marking my identities as security risks
Assigning other managers to my identities
Creating passcodes for my identities
Creating reports about my identities
Managing my identities' memberships
Managing my cost centers
Analyzing my identities' membership assignments
Displaying my identities' departments
Displaying my identities' application roles
Displaying my identities' user accounts
Displaying my identities' business roles
Displaying my identities' cost centers
Displaying my identities' shops
Displaying my identities' locations
Displaying my identities' system entitlements
Displaying my identities' system roles
Displaying identities' organizational charts
My identities' history
Displaying my identities' history
Displaying the status overview of my identities
Comparing statuses of my identities
Displaying my identity requests
Managing my identities' attestation cases
Displaying attestation cases of my identities
Approving and denying attestation cases of my identities
Displaying my identities' rule violations
Displaying my cost centers
Creating your own cost centers
Displaying and editing my cost center main data
Copying/splitting my cost centers
Comparing and merging my cost centers
Restoring my cost centers to their previous state
Managing my cost center memberships
Managing my multi-request resources
Managing my multi requestable/unsubscribable resources
Displaying memberships in my cost centers
Analyzing assignments to my cost centers
Adding identities to my cost centers
Removing identities from my cost centers
Managing my cost centers' entitlements
Displaying my cost center entitlements
Adding entitlements to my cost centers
Deleting my cost center entitlements
Displaying my cost center rule violations
My cost center history
Displaying my cost center history
Displaying the status overview of my cost centers
Comparing statuses of my cost centers
Restoring my deleted cost centers
Displaying my multi requestable/unsubscribable resources
Displaying and editing my multi requestable/unsubscribable resources' main data
Managing my resources
Managing my software applications
Displaying my software applications
Displaying and editing my software applications' main data
Displaying my software application owners
Managing my software application memberships
Managing my locations
Displaying memberships in my software applications
Analyzing assignments to my software applications
Assigning identities to my software applications
Removing identities from my software applications
Managing service items of my software applications
Displaying my locations
Creating your own locations
Displaying and editing my locations' main data
Copying/splitting my locations
Comparing and merging my locations
Restoring my locations to their previous state
Managing my location memberships
Managing my system entitlements
Displaying memberships in my locations
Analyzing assignments to my locations
Adding identities to my locations
Removing identities from my locations
Managing my locations' entitlements
Displaying my locations' entitlements
Adding entitlements to my locations
Deleting my locations' entitlements
Displaying my locations' rule violations
My locations' history
Displaying my locations' history
Displaying the status overview of my locations
Comparing statuses of my locations
Restoring my deleted locations
Displaying my system entitlements
Displaying and editing my system entitlements' main data
Creating reports about my system entitlements
Making my system entitlements requestable
Specifying my system entitlement owners
Managing my system entitlements' service items
Managing my system entitlement memberships
Managing my system roles
Displaying memberships in my system entitlements
Analyzing assignments to my system entitlements
Assigning identities to my system entitlements
Removing identities from my system entitlements
Managing my system entitlements' child groups
My system entitlements' history
Displaying my system entitlements' history
Displaying the status my system entitlements' overview
Comparing statuses of my system entitlements
Managing my system entitlements' attestation cases
Displaying my system roles
Creating your own system roles
Displaying and editing my system roles' main data
Managing my system role memberships
Managing my assignment resources
Displaying memberships in my system roles
Analyzing assignments to my system roles
Assigning identities to my system roles
Removing identities from my system roles
Managing my system roles' entitlements
Displaying my system roles' entitlements
Adding entitlements to my system roles
Deleting my system roles' entitlements
Displaying my system roles' rule violations
My system roles' history
Managing departments
Opening other web applications
Managing tickets
Appendix: Attestation conditions and approval policies from attestation procedures
Displaying departments
Creating departments
Displaying and editing department main data
Copying/splitting departments
Comparing and merging departments
Restoring departments to their previous state
Managing department memberships
Managing user accounts
Displaying department memberships
Analyzing assignments to departments
Adding identities to departments
Removing identities from departments
Managing department entitlements
Displaying department entitlements
Adding entitlements to departments
Deleting department entitlements
Displaying department rule violations
Department history
Displaying department history
Displaying the status overview of departments
Comparing statuses of departments
Restoring deleted departments
Displaying user accounts
Editing user accounts
Managing user account memberships
Creating reports about user accounts
Managing business roles
Displaying business roles
Creating business roles
Displaying and editing business role main data
Copying/splitting business roles
Comparing and merging business roles
Restoring business roles to their previous state
Managing business role memberships
Managing identities
Displaying business role memberships
Analyzing assignments to business roles
Assigning identities to business roles
Removing business roles from identities
Managing business role entitlements
Displaying business role entitlements
Adding entitlements to business roles
Deleting business role entitlements
Displaying business role rule violations
Business role history
Displaying business role history
Displaying the status overview of business roles
Comparing statuses of business roles
Restoring deleted business roles
Displaying identities
Displaying and editing identity main data
Creating identities
Comparing identities
Displaying and analyzing identities' risk indexes
Deactivating identities
Marking identities as security risks
Deleting identities
Assigning other managers to identities
Creating reports about identities
Managing identities' memberships
Managing cost centers
Analyzing identities' membership assignments
Displaying identities' departments
Displaying identities' application roles
Displaying identities' user accounts
Displaying identities' business roles
Displaying identities' cost centers
Displaying identities' shops
Displaying identities' locations
Displaying identities' system entitlements
Displaying identities' system roles
Displaying identities' organizational charts
Identity history
Displaying identities' history
Displaying the status overview of identities
Comparing statuses of identities
Managing attestation cases of identities
Displaying identities' rule violations
Displaying cost centers
Creating cost centers
Displaying and editing cost center main data
Copying/splitting cost centers
Comparing and merging cost centers
Restoring cost centers to their previous state
Managing cost center memberships
Managing multi-request resources
Managing multi requestable/unsubscribable resources
Displaying cost center memberships
Analyzing assignments to cost centers
Adding identities to cost centers
Removing identities from cost centers
Managing cost center entitlements
Displaying cost center entitlements
Adding entitlements to cost centers
Deleting cost center entitlements
Displaying cost center rule violations
Cost center history
Displaying cost center history
Displaying the status overview of cost centers
Comparing statuses of cost centers
Restoring deleted cost centers
Displaying multi requestable/unsubscribable resources
Displaying and editing multi requestable/unsubscribable resource main data
Managing resources
Managing locations
Displaying locations
Creating locations
Displaying and editing location main data
Copying/splitting locations
Comparing and merging locations
Restoring locations to their previous state
Managing location memberships
Managing system entitlements
Displaying location memberships
Analyzing assignments to locations
Adding identities to locations
Removing identities from locations
Managing location entitlements
Displaying location entitlements
Adding entitlements to locations
Deleting entitlements from locations
Displaying location rule violations
Location history
Displaying location history
Displaying the status overview of locations
Comparing statuses of locations
Restoring deleted locations
Displaying system entitlements
Making system entitlements requestable
Displaying and editing system entitlements main data
Specifying system entitlement owners
Managing service items for system entitlements
Managing system entitlement memberships
Managing system roles
Displaying system entitlement memberships
Analyzing assignments to system entitlements
Assigning identity system entitlements
Removing system entitlements from identities
Managing system entitlement child groups
System entitlement history
Displaying system entitlement history
Displaying the status overview of system entitlements
Comparing statuses of system entitlements
Managing attestation cases of system entitlements
Displaying attestation cases of system entitlements
Approving and denying attestation cases of system entitlements
Creating reports about system entitlements
Displaying system roles
Creating system roles
Displaying and editing system role main data
Managing system role memberships
Managing assignment resources
Displaying system role memberships
Analyzing assignments to system roles
Assigning identities to system roles
Removing identities from my system roles
Managing system role entitlements
Displaying system role entitlements
Adding entitlements to system roles
Deleting system role entitlements
Displaying system role rule violations
System role history
Attesting primary departments
Attesting primary business roles
Attesting primary cost centers
Attesting primary locations
Attesting secondary departments
Attesting secondary cost centers
Attesting secondary locations
Attesting PAM asset groups
Attesting PAM asset accounts
Attesting PAM assets
Attesting PAM user groups
Attesting PAM user accounts
Attesting PAM account groups
Attesting PAM directory accounts
Attesting PAM accesses
Attesting departments
Application role attestation
Business role attestation
Attesting system roles
Attesting locations
Attesting system roles
Attesting memberships in system entitlements
Attesting memberships in application roles
Attestation of memberships in business roles
Attesting assignment of memberships in system roles
Attesting device owners
Attesting system entitlement owners
Attesting system entitlement owners (initial)
Attesting user accounts
Attesting system entitlements
Attesting assignment of system entitlement to departments
Attesting assignment of system entitlement to business roles
Attestation of system entitlement assignments to cost centers
Attestation of system entitlement assignments to locations
Attesting assignment of system role assignment to departments
Attesting assignment of system roles to business roles
Cost center system role assignment attestation
Attesting assignment of system entitlements to locations
Attesting assignments to system roles
Managing policy violations
Displaying approvable policy violations
You can display rule violations that you can approve. In doing so, you can additionally display policy violations that already have an approval decision.
To display policy violations
-
In the menu bar, click Compliance > Policy violations.
This opens the Policy Violations page and displays all the policy violations.
-
(Optional) To control which policy violations are displayed, click
(Filter) and enable the corresponding option in the context menu.
-
(Optional) To display details of a policy violation, click the appropriate policy violation.
Related topics
Assigning mitigating controls to policy violations
Mitigating controls can be assigned to policy violations to reduce the risk of policy violations.
NOTE: You can assign only mitigating controls that are also assigned to the company policies that are violated.
NOTE: You can only assign mitigating controls to a policy violation if your system is configured appropriately. Otherwise, the mitigating controls assigned to the policy violation are automatically assigned to every other related policy violation.
To assign mitigating controls to a policy violation
-
In the menu bar, click Compliance > Policy violations.
-
On the Policy Violations page, click the policy violation to which you want to assign mitigating controls.
-
In the View Policy Violation Details pane, click the Mitigating Controls tab.
-
On the Mitigating Controls tab, click Assign mitigating controls.
-
In the menu, select the mitigating control that you want to assign to the policy violation.
-
(Optional) To assign other mitigating controls, click
(Assign mitigating control).
-
Click Save.
Granting and denying policy violation exceptions
As exception approver, you can grant or deny exception approval to policy violations.
To make an approval decision about a policy violation
-
In the menu bar, click Compliance > Policy violations.
-
On the Policy Violations page, perform one of the following actions:
-
To grant an exception for a policy violation, next to the policy violation, click Grant exception.
-
To deny an exception for a policy violation, next to the policy violation, click Deny exception.
TIP: To grant or deny exceptions to several policy violations at the same time, select the check box next to each policy violation and click Grant Exception or Deny Exception below the list.
-
-
(Optional) Perform the following actions:
-
In the Reason for your decision menu, select a standard reason for your approval decision.
-
(Optional) In the Additional comments about your decision field, enter extra information about your approval decision.
TIP: By giving reasons, your approvals are more transparent and support the audit trail.
NOTE: For more detailed information about standard reasons, see the One Identity Manager Company Policies Administration Guide.
-
-
Click Save.