Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 8.0 - Company Policies Administration Guide

Table of Contents

Company Policies

One Identity Manager Users for Company Policies Base Data for Company Policies

Policy Groups Compliance Frameworks

Additional Tasks for Compliance Frameworks

The Compliance Framework Overview Assigning Company Policies

Schedules for Policy Checking

Default Schedules Additional Tasks for Schedules

The Schedule Overview Assigning Company Policies Starting Schedules Immediately

Attestors Policy Supervisors Exception Approvers Standard Reasons

Predefined Standard Reasons

Defining Company Policies

Setting Up and Editing Company Policies

General Master Data for Company Policies Risk Assessment Extended Company Policy Data Policy Comparison Default Company Policies Additional Tasks for Working Copies

Overview of Working Copies Assigning Compliance Frameworks Assigning Mitigating Controls Maintaining Exception Approvers Maintaining Policy Supervisors Enabling Working Copies Show Condition Copying Policies Comparing a Company Policy Working Copy with the Original Showing Selected Objects

Additional Tasks for Company Policies

Overview of Company Policies Creating a Working Copy Enabling and Disabling Policies Show Condition Copying Policies Showing Selected Objects Recalculate Maintaining Exception Approvers Maintaining Policy Supervisors

Deleting Company Policies

Checking Company Policies

Calculating Policy Violations

Scheduled Policy Checking Ad hoc Policy Checking

Reports about Policy Violations Granting Exception Approval Notifications about Policy Violations

Demands for Exception Approval Notifications about Policy Violations without Exception Approval

Policy Violation Approval Status

Creating Custom Mail Templates for Notifications

General Properties of a Mail Template Creating and Editing an Email Definition

Using Base Object Properties Use of Hyperlinks in the Web Portal

Default Functions for Creating Hyperlinks

Customizing Email Signatures

Mitigating Controls

General Master Data for a Mitigating Control Additional Tasks for Mitigating Controls

The Mitigating Controls Overview Assigning Company Policies

Calculating Mitigation

General Configuration Parameter for Company Policies

Company Policies

Company Policies

Table 1: General Configuration Parameters for Company Policies
Configuration parameter	Meaning
QER\Policy	Preprocessor relevant configuration parameter for controlling company policy validation. Changes to the parameter require recompiling the database. If the parameter is enabled the target system modules are available.

Companies have varying requirements, which they need for regulating internal and external employee access to company resources. They also have to demonstrate that they adhere to legal requirements. Such requirements can be defined as policies.

One Identity Manager allows you to manage these company policies and thus to assess the risk involved. Assuming the appropriate data is stored in the One Identity Manager database, One Identity Manager determines all the company resources that violate these company policies. You can also define company policies for the purpose of providing reports that do not have any connection with One Identity Manager.

Adherence to company policies is checked regularly using scheduled tasks. You can incorporate company policies into the regular attestation of your company resources to decide on further handling of any violated ones. Risk assessment can be run for all company policies. Different reports and statistics provide you with an overview of violated policies.

Figure 1: Company Policies in One Identity Manager

Example of company policies are:

All cost centers are assigned a manager.
All departments are assigned employees.
All employees are attested.
Deactivated employees do not have any enabled user accounts.

To be able to map company policies

Set the configuration parameter "QER\Policy" in the Designer.

One Identity Manager Users for Company Policies

Company Policies > One Identity Manager Users for Company Policies

One Identity Manager Users for Company Policies

The following users are used for managing company policies.

Table 2: Users

User

Task

Company policy administrators

Administrators must be assigned to the application role Identity & Access Governance | Company policies | Administrators.

Users with this application role:

Enter base data for for setting up company policies.
Set up policies and assign policy supervisors to them.
Can calculation policies and view policy violations if required.
Set up reports about policy violations.
Enter mitigating controls.
Create and edit risk index functions.
Administer application roles for policy supervisors, exception approvers and attestors.
Set up other application roles as required.

Policy supervisor

Policy supervisors must be assigned to the application role Identity & Access Governance | Company policies | Policy supervisors or another child application role.

Users with this application role:

Are responsible for the contents of company policies.
Edit working copies of company policies.
Enable and disable company policies.
Can calculation policies and view policy violations if required.
Assign mitigating controls.

One Identity Manager administrators

Create customized permissions groups for application roles for role-based login to administration tools in the Designer, as required.
Create system users and permissions groups for non-role based login to administration tools, as required.
Enable or disable additional configuration parameters in the Designer, as required.
Create custom processes in the Designer, as required.
Create and configures schedules, as required.
Create and configure password policies, as required.

Exception approver

Exception approvers must be assigned to the application role Identity & Access Governance | Company policies | Exception approvers or to a child role.

Users with this application role:

Edit policy violations.
Can grant exception approval or revoke it.

Company policy attestors

Attestors must be assigned to the application role Identity & Access Governance | Company policies | Attestors.

Users with this application role:

Attest company policies and exception approvals in the Web Portal for which they are responsible.
Can view the master data for these company policies but not edit them.

Note: This application role is available if the module Attestation Module is installed.

Compliance & Security Officers

Compliance and security officers must be assigned to the application role Identity & Access Governance | Compliance & Security Officer.

Users with this application role:

View all compliance relevant information and other analysis in the Web Portal. This includes attestation policies, company policies and policy violations, compliance rules and rule violations and risk index functions.
Edit attestation polices

Auditors

Auditors are assigned to the application role Identity & Access Governance | Auditors.

Users with this application role:

See the Web Portal all the relevant data for an audit.

Base Data for Company Policies

Company Policies > Base Data for Company Policies

Various basic data is required to create company policies, run policy checks and handle policy violations.

Policy groups	Policy Groups
Compliance Frameworks	Compliance Frameworks
Schedules	Schedules for Policy Checking
Attestors	Attestors
Policy supervisors	Policy Supervisors
Exception approver	Exception Approvers
Standard Reasons	Standard Reasons

Policy Groups

Company Policies > Base Data for Company Policies > Policy Groups

Policy Groups

Use policy groups to group together company policies by functionality. You can use policy to groups to structure company policies hierarchically.

To edit a policy group

Select the category Company Policies | Basic configuration data | Policy groups.
Select a policy group in the result list. Select Change master data in the task view.
- OR -

Click in the result list toolbar.
Edit the master data for the policy group.
Save the changes.

Enter the following data for a policy group

Table 3: General Master Data for a Policy Group
Property	Description
Group name	Name of the policy group.
Parent group	Policy group above this one in a hierarchy. To organize policy groups hierarchically, select the parent rule group in the menu.

In the report Policy violation overview you can get an overview of all policy violations for a policy group.

Self Service Tools: Knowledge Base; Notifications & Alerts; Product Support; Software Downloads; Technical Documentation; User Forums; Video Tutorials; RSS Feed

Contact Us: Licensing Assistance; Technical Support; View All

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy