
Identity Manager On Demand - Starling Edition Hosted - Company Policies Administration Guide


Reports about policy violations

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. You can generate the following reports for all enabled company policies and compliance frameworks.

Table 13: Reports about policy violations
Report: Policy violation overview (of a company policy)
Description: This report groups together all policy violations for the selected policy. All the objects that violate the company policy are listed. The result list is grouped by:

  • Policy violations that still need to be decided

  • Policy violations without exception approval

  • Policy violations with exception approval

Report: Policy violation overview (of a policy group)
Description: This report groups together all policy violations for the selected policy group. All the objects that violate the company policy are listed. The numbers of granted, denied, and not yet processed policy violations are also given.

Report: Policy violation overview (of a compliance framework)
Description: This report groups together all policy violations for the selected compliance framework. All the objects that violate the company policy are listed. The numbers of granted, denied, and not yet processed policy violations are also given.

Granting exception approvals

There can be individual cases where it is not possible to adhere to company policy. Policy violations can be accepted only occasionally, and only if you take the required measures to ensure that these violations are regularly checked. For this purpose, you may grant exception approval for certain policy violations.

Use the Web Portal to grant exception approvals. For more information, see the One Identity Manager Web Designer Web Portal User Guide.

You store exception approvals with policy violations. You can display an overview of all unprocessed (new) company policies and policies that have been granted or denied on the overview form for a company policy.

Prerequisites
  • The Exception approval allowed option is set for the company policy.

  • The company policy is assigned an application role for exception approvers.

  • Identities are assigned to this application role.

NOTE: If the Exception approval allowed option is not set, unedited policy violations for this company policy are automatically denied. Existing exception approvals are withdrawn.

Notifications about policy violations

After a policy check, email notifications about new policy violations can be sent to exception approvers and policy supervisors. The notification procedure uses mail templates to create notifications. The mail text in a mail template is defined in several languages. This ensures that the language of the recipient is taken into account when the email is generated. The default installation supplies mail templates that you can use to configure the notification procedure.

Messages are not sent to the chief approval team by default. Fallback approvers are only notified if not enough approvers could be found for an approval step.

To use email notifications

  1. Ensure that the email notification system is configured in One Identity Manager. For more information, see the One Identity Manager Installation Guide.

  2. In the Designer, set the QER | Policy | EmailNotification configuration parameter.

  3. In the Designer, set the QER | Policy | EmailNotification | DefaultSenderAddress configuration parameter and enter the sender address used to send the email notifications.

  4. Ensure that all identities have a default email address. Notifications are sent to this address. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

  5. Ensure that a language can be determined for all identities. Only then can they receive email notifications in their own language. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

  6. Configure the notification procedure.

Requesting exception approval

If new policy violations are discovered during a policy check, exception approvers are notified and prompted to make an approval decision.

Prerequisites
  • Exception approvals for policy violations are permitted.

  • The company policy is assigned to an Exception approvers application role.

  • Identities are assigned to this application role.

To send demands for exception approval

  • Enter the following data for the company policy:

    • Exception approval allowed: Enabled

    • Mail template new violation: Policies - new exception approval required

    TIP: To use a mail template other than the standard for these notifications, create a mail template with the QERPolicy base object.
