Configuration parameter | Meaning |
---|---|
QER\Policy |
Preprocessor relevant configuration parameter for controlling company policy validation. Changes to the parameter require recompiling the database. If the parameter is enabled the target system modules are available. |
Companies have varying requirements, which they need for regulating internal and external employee access to company resources. They also have to demonstrate that they adhere to legal requirements. Such requirements can be defined as policies.
One Identity Manager allows you to manage these company policies and thus to assess the risk involved. Assuming the appropriate data is stored in the One Identity Manager database, One Identity Manager determines all the company resources that violate these company policies. You can also define company policies for the purpose of providing reports that do not have any connection with One Identity Manager.
Adherence to company policies is checked regularly using scheduled tasks. You can incorporate company policies into the regular attestation of your company resources to decide on further handling of any violated ones. Risk assessment can be run for all company policies. Different reports and statistics provide you with an overview of violated policies.
Figure 1: Company Policies in One Identity Manager
Example of company policies are:
To be able to map company policies
The following users are used for managing company policies.
User | Task | ||
---|---|---|---|
Company policy administrators |
Administrators must be assigned to the application role Identity & Access Governance | Company policies | Administrators. Users with this application role:
| ||
Policy supervisor |
Policy supervisors must be assigned to the application role Identity & Access Governance | Company policies | Policy supervisors or another child application role. Users with this application role:
| ||
One Identity Manager administrators |
| ||
Exception approver |
Exception approvers must be assigned to the application role Identity & Access Governance | Company policies | Exception approvers or to a child role. Users with this application role:
| ||
Company policy attestors |
Attestors must be assigned to the application role Identity & Access Governance | Company policies | Attestors. Users with this application role:
| ||
Compliance & Security Officers |
Compliance and security officers must be assigned to the application role Identity & Access Governance | Compliance & Security Officer. Users with this application role:
| ||
Auditors |
Auditors are assigned to the application role Identity & Access Governance | Auditors. Users with this application role:
|
Various basic data is required to create company policies, run policy checks and handle policy violations.
Policy groups | Policy Groups |
Compliance Frameworks | Compliance Frameworks |
Schedules | Schedules for Policy Checking |
Attestors | Attestors |
Policy supervisors | Policy Supervisors |
Exception approver | Exception Approvers |
Standard Reasons | Standard Reasons |
Use policy groups to group together company policies by functionality. You can use policy to groups to structure company policies hierarchically.
To edit a policy group
- OR -
Click in the result list toolbar.
Enter the following data for a policy group
Property | Description |
---|---|
Group name | Name of the policy group. |
Parent group |
Policy group above this one in a hierarchy. To organize policy groups hierarchically, select the parent rule group in the menu. |
In the report Policy violation overview you can get an overview of all policy violations for a policy group.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy