Configuration parameter | Meaning |
---|---|
QER\ComplianceCheck | Preprocessor-relevant configuration parameter that controls the component parts for Identity Audit. Changes to the parameter require recompiling the database. If the parameter is set, the components can be used. |
One Identity Manager can be used to define rules that maintain and monitor regulatory requirements and automatically deal with rule violations. Define compliance rules to test entitlements, or combinations of entitlements, in the context of identity audit for employees in the company. On the one hand, existing rule violations can be found by checking rules. On the other hand, possible rule violations can be preemptively identified and thus prevented.
Figure 1: Identity Audit in One Identity Manager
Simple rule examples are:
You can use the identity audit function of the One Identity Manager to:
Based on this information, you can make corrections to data in the One Identity Manager and transfer them to the connected target systems. The integrated report function in the One Identity Manager can be used to provide information for the appropriate tests.
To use the identity audit function
The following users are involved in managing the rule base and editing rule violations.
User | Task |
---|---|
Administrators for Identity Audit | Administrators must be assigned to the application role Identity & Access Governance \| Identity Audit \| Administrators. Users with this application role: |
Rule supervisors | Rule supervisors must be assigned to the application role Identity & Access Governance \| Identity Audit \| Rule supervisors or to a child role. Users with this application role: |
One Identity Manager administrators | |
Exception approvers | Administrators must be assigned to the application role Identity & Access Governance \| Identity Audit \| Exception approvers or to a child role. Users with this application role: |
Compliance rules attestors | Attestors must be assigned to the application role Identity & Access Governance \| Identity Audit \| Attestors. Users with this application role: |
Compliance & Security officers | Compliance and security officers must be assigned to the application role Identity & Access Governance \| Compliance & Security Officer. Users with this application role: |
Auditors | Auditors are assigned to the application role Identity & Access Governance \| Auditors. Users with this application role: |
Various basic data is required to create rules, run rule checks, and handle rule violations.
Rule groups: | Rule groups |
Compliance frameworks: | Compliance Frameworks |
Extended properties: | Extended Properties and Property Groups |
Schedules: | Schedules for Checking Rules |
Functional areas: | Functional Areas |
Attestors: | Attestors |
Rule supervisors: | Rule supervisor |
Exception approvers: | Exception approver |
Standard reasons: | Standard Reasons |
Mail templates: | Creating Custom Mail Templates for Notifications |
Use rule groups to group rules by functionality, for example, to group account policies or separate functions ("Segregation of duties").
To edit a rule group
- OR -
Click in the result list toolbar.
Enter the following data for a rule group.
Property | Description |
---|---|
Group name | Name of the rule group. |
Description | Spare text box for additional explanation. |
Parent group | Rule group above this one in a hierarchy. To organize rule groups hierarchically, select the parent rule group in the menu. |