|Configuration parameter||Meaning if Set|
This configuration parameter contains the name of the mail template which is sent if a new rogue rule violation occurs.
If new rule violations are discovered during a rule check, which cannot be issued with exception approval, rule supervisors are notified.
Employees are assigned to this application role.
To inform a rule supervisor about rule violations
Set the configuration parameter "QER\ComplianceCheck\EmailNotification\NotPermittedViolation" in the Designer.
Notification with the mail template "Compliance - prohibited violation occurred" is sent by default.
|TIP: To use something other than the default mail template for these notifications, change the value of the configuration parameter.|
In addition to locating existing rule violations, the One Identity Manager can also identify potential violations of IT Shop requests. To do this, you add an approval step with the approval procedure "CR - Compliance check simplified" in the approval process in the IT Shop.
To identify rule violations through IT Shop requests, auxiliary tables are evaluated for object assignments and the affected employees. These auxiliary tables are regularly updated by the DBQueue Processor. Changes to a rule are calculated immediately in the auxiliary tables.
The schedule "default schedule compliance rule fill" is included in the default One Identity Manager installation to add changes, such as, changes to entitlements or an extended property in the rule check. This schedule generates processing tasks, on a cyclical basis, for updating the auxiliary table. Create your own schedule to customize the auxiliary table calculation cycle meet your own requirements.
To customize the auxiliary table calculation cycle to meet your requirements
Click in the result list toolbar.
Rule checking does not completely check the requests. It is possible that under the following conditions, rule checking does not identify a rule violation.
It is possible that under the following conditions, rule checking identifies a rule violation where there isn't one.
For more detailed information about compliance checking IT Shop requests, see the One Identity Manager IT Shop Administration Guide.
A mail template consists of general master data such as target format, important or mail notification confidentiality and one or more mail definitions. Mail text is defined in several languages in the mail template. This ensures that the language of the recipient is taken into account when the email is generated.
There is a One Identity Manager in the Mail Template Editor to simplify writing notifications. You can use the Mail Template Editor to create and edit mail text in WYSIWYG mode.
To edit mail templates
This shows all the mail templates that can be used for Identity Audit in the result list.
- OR -
Click in the result list toolbar.
This opens the mail template editor.
To copy a mail template
To display a mail template preview
To delete a mail template
The following general properties are displayed for a mail template:
|Mail template||Name of the mail template. This name will be used to display the mail templates in the administration tools and in the Web Portal. Translate the given text using the button.|
|Base object||Mail template base object. A base object only needs to be entered if the mail definition properties of the base object are referenced.
Use the base object ComplianceRule or PersonInNonCompliance for notifications about rule violations.
|Report (parameter set)||Report, made available through the mail template.|
|Description||Mail template description. Translate the given text using the button.|
|Target format||Format in which to generate email notification. Permitted values are:
|Design type||Design in which to generate the email notification. Permitted values are:
|Importance||Importance for the email notification. Permitted values are "low", "normal" and "high".|
|Confidentiality||Confidentiality for the email notification. Permitted values are "normal", "personal", "private" and "confidential".|
|Can unsubscribe||Specifies whether the recipient can unsubscribe email notification. If this option is set, the emails can be unsubscribed through the Web Portal.|
|Disabled||Specifies whether this mail template is disabled.|
|Mail definitions||Unique name for the mail definition.|
|Language culture||Language which applies to the mail template.|
|Subject||Subject of the email message|
|Mail body||Content of the email message.|