Chat now with support
Chat with Support

Identity Manager On Demand - Starling Edition Hosted - Company Policies Administration Guide

Company policies in One Identity Manager Defining company policies
Creating and editing company policies Using default company policies Deleting company policies Policy groups Compliance frameworks Schedules for checking policies Company policy attestors Policy supervisors for company policies Exception approvers for policy violations Standard reasons for policy violations Mail templates for company policy notifications
Checking company policies Automatic attestation of policy violations Mitigating controls for company policies General configuration parameter for company policies

Notifications about policy violations without exception approval

Policy supervisors are notified if new policy violations are discovered during a policy check and these cannot be granted exception approval.

  • Exception approvals for policy violations are not permitted.

  • An application role for Policy superviors is assigned to the company policy.

  • Identities are assigned to this application role.

To inform a policy supervisor about policy violations

  • Enter the following data for the company policy:

    • Exception approval allowed: Not enabled

    • Mail Template New Violation: Policies - rogue violation occurred

    TIP: To use a mail template other than the standard for these notifications, create a mail template with the QERPolicy base object.

Related topics

Displaying approval status of policy violations

Edit policy violations in the Web Portal. For more information, see the One Identity Manager Web Designer Web Portal User Guide.

In the Manager, you can get an overview of the approval status of each policy violation. To do this, open the overview form of the enabled company policy whose policy violations you want to look at. You will see new, granted, and denied policy violations here.

To display details of a policy violation

  1. In the Manager, select the Company Policies > Policies category.

  2. Select the company policy in the result list.

  3. Select the Company policy overview task.

  4. Select the form element for the policy violation and make the list entries visible. You have the following options:

    • Policy violations: new: Displays all policy violations pending approval.

    • Policy violations: exception approved: Displays all policy violations that have been granted approval.

    • Policy violations: exception denied: Displays all policy violations that have not been granted approval.

  5. Click the policy violation you want to view.

    This opens the policy violation main data form, which shows you an overview of the object that caused the violation, the approval status and the exception approver responsible.

Related topics

Automatic attestation of policy violations

NOTE: This functionality is only available if the Attestation Module in installed.

Automatic recertification of the affected entitlements can be provided for policy violations. As a result of recertification, entitlements that should not be used anymore can be automatically deactivated or removed. This functionality is used by default in the context of Behavior Driven Governance. However, you can also use this functionality for your own company policies and related authorization checks.

For more information about Behavior Driven Governance, see the One Identity Manager Administration Guide for Behavior Driven Governance.

Detailed information about this topic

Configuring automatic attestation of policy violations

NOTE: This functionality is only available if the Attestation Module in installed.

Attestation of policy violations requires an attestation policy that matches the company policy. This attestation policy must determine the same objects as the company policy.

To set up automatic attesting of policy violations

  1. Create an attestation policy for attesting objects that violate a company policy. Ensure that the same objects are determined by this attestation policy as by the company policy.

    For more information about creating and editing attestation policies, see the One Identity Manager Attestation Administration Guide.

  2. Create a new company policy or edit an existing company policy. Enter the following data:

    • Attestation policy: From the menu, select the attestation policy to be used for attesting policy violations.

      Ensure that the same objects are determined by this attestation policy as by the company policy. Check the assigned tables and conditions.

    • Start attestation of new rule violations immediately: Specify whether an attestation case is created immediately for each new policy violation.

      If this option is disabled, attestation is only started by the schedule stored with the attestation policy or by the Recertify all policy violations task.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating