Chat now with support
Chat with Support

Identity Manager 8.0 - Company Policies Administration Guide

Company Policies
One Identity Manager Users for Company Policies Base Data for Company Policies Defining Company Policies Checking Company Policies Creating Custom Mail Templates for Notifications
Mitigating Controls General Configuration Parameter for Company Policies

Reports about Policy Violations

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. You can generate the following reports for all enabled company policies and compliance frameworks.

Table 18: Reports about Policy Violations
Report Description
Policy violation overview

(of a company policy)

This report groups together all policy violations for the selected policy. All the objects that violate the company policy are listed. The result list is grouped by:

  • Policy violations that still need to be decided
  • Policy violations without exception approval
  • Policy violation with exception approval
Policy violation overview

(of a policy group)

This report groups together all policy violations for the selected policy group. All the objects that violate the company policy are listed. The number of granted, denied and not yet processed policy violations are given in addition.
Policy violation overview

(for a compliance framework)

This report groups together all policy violations for the selected compliance framework. All the objects that violate the company policy are listed. The number of granted, denied and not yet processed policy violations are given in addition.

Granting Exception Approval

Granting Exception Approval

There can be individual cases where it is not possible to adhere to company policy. Policy violations can only be accepted occasionally but only if you take the required measures to ensure that these violations are regularly checked. For this purpose, you may grant exception approval for certain policy violations.

You store exception approvals with policy violations. You can see an overview of all unprocessed (new) company policies and policies that have been granted or denied on the overview form for a company policy.

Prerequisites

  • The option Exception approval allowed is set for the company policy.
  • The company policy is assigned an application role for exception approvers.
  • Employees are assigned to this application role.

Use the Web Portal to grant exception approvals.

NOTE: If the option Exception approval allowed is not set, unedited policy violations for this company policy are automatically denied. Existing exception approvals are withdrawn.
Detailed information about this topic

Notifications about Policy Violations

Notifications about Policy Violations

Table 19: Configuration Parameters for Notifications about Policy Violations
Configuration parameter Meaning if Set
QER\Policy\EmailNotification

This parameter is used for mail notifications.

Information about notifications during company policy checks is stored under the parameter.

QER\Policy\EmailNotification\DefaultSenderAddress This configuration parameter contains the sender email address for automatically generated messages within company policy checking.

The notification procedure uses mail templates to create notifications. The mail text in a mail template is defined in several languages. This ensures that the language of the recipient is taken into account when the email is generated. Mail templates are supplied in the default installation with which you can configure the notification procedure.

Messages are not sent ti the chief approval team by default. Fallback approvers are only notified if not enough approvers could be found for an approval step.

To use notification in the request process

  1. Ensure that the email notification system is configured in One Identity Manager. For more detailed information, see the .One Identity Manager Configuration Guide
  2. Set the configuration parameter "" in the Designer and enter the sender address with which the email notifications are sent.
  3. Ensure that all employees have a default email address. Notifications are sent to this address. For more detailed information, see the .One Identity Manager Identity Management Base Module Administration Guide
  4. Ensure that a language culture can be determined for all employees. Only then can they receive email notifications in their own language. For more detailed information, see the .One Identity Manager Identity Management Base Module Administration Guide
  5. Configure the notification procedure.
Related Topics

Demands for Exception Approval

Demands for Exception Approval

Table 20: Configuration Parameters for Notifications about Policy Violations
Configuration parameter Meaning if Set
QER\Policy\EmailNotification\NewExceptionApproval

This configuration parameter contains the name of the mail template, which is sent if an approval exception for a new policy violation is required.

If new policy violations are discovered during a policy check, exception approvers are notified and prompted to make an approval decision.

Prerequisites

  • The option Exception approval allowed is set for the company policy.
  • The company policy is assigned to an Exception approvers application role.
  • Employees are assigned to this application role.

To send demands for exception approval

  • Set the configuration parameter "QER\Policy\EmailNotification\NewExceptionApproval" in the Designer.

    Notification with the mail template "Policies - new exception approval required" is sent to all exception approvers, by default.

TIP: To use something other than the default mail template for these notifications, change the value of the configuration parameter.
Related Documents