Identity Manager 8.0 - Compliance Rules Administration Guide

Rule Supervisors

You can assign compliance rules to employees who are responsible for rule content. This may be an auditor or an auditing department, for example. To do this, assign compliance rules to an application role for rule supervisors. Then assign the employees who are authorized to edit working copies of compliance rules to this application role.

A default application role for target system managers is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Application Roles Administration Guide.

Table 10: Default Application Role for Rule Supervisors
User: Rule supervisor

Task: Rule supervisors must be assigned to the application role Identity & Access Governance | Identity Audit | Rule supervisors or to a child role.

Users with this application role:

  • Are responsible for compliance rule content, for example, an auditor or an auditing department.
  • Edit the compliance rule working copies, which are assigned to the application role.
  • Enable and disable compliance rules.
  • Can start rule checking and view rule violations as required.
  • Assign mitigating controls.

To edit a rule supervisor

  1. Select the category Identity Audit | Basic configuration data | Rule supervisors.
  2. Select Change master data in the task view.

    - OR -

    Select an application role in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the application role's master data.
    Property: Parent application role
    Value: Assign the application role Identity & Access Governance | Identity Audit | Rule supervisors or a child application role.
  4. Save the changes.
  5. Select the task Assign employees to add members to the application role.
  6. Assign employees in Add assignments.

    - OR -

    Remove employees from Remove assignments.

  7. Save the changes.

Exception Approvers

Employees who can issue exception approvals for rule violations can be assigned to compliance rules. To do this, assign an application role for exception approvers to the compliance rule. Assign those employees who are entitled to approve rule violation exceptions to this application role.

A default application role for exception approvers is available in One Identity Manager. You may create other application roles as required. For more information about application roles, see the One Identity Manager Application Roles Administration Guide.

Table 11: Default Application Role for Exception Approvers
User: Exception approver

Task: Administrators must be assigned to the application role Identity & Access Governance | Identity Audit | Exception approvers or to a child role.

Users with this application role:

  • Edit rule violations in the Web Portal.
  • Can grant exception approval or revoke it in the Web Portal.

To edit an exception approver

  1. Select the category Identity Audit | Basic configuration data | Exception approvers.
  2. Select Change master data in the task view.

    - OR -

    Select an application role in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the application role's master data.
    Property: Parent application role
    Value: Assign the application role Identity & Access Governance | Identity Audit | Exception approvers or a child application role.
  4. Save the changes.
  5. Select the task Assign employees to add members to the application role.
  6. Assign employees in Add assignments.

    - OR -

    Remove employees from Remove assignments.

  7. Save the changes.

Standard Reasons

In the Web Portal, you can enter reasons that explain individual exception approval decisions. You can formulate this text freely. You also have the option to predefine reasons. The exception approver selects the most suitable text from these standard reasons in the Web Portal and stores it with the rule violation.

To edit standard reasons

  1. Select the category Identity Audit | Basic configuration data | Standard reasons.
  2. Select a standard reason in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the master data for a standard reason.
  4. Save the changes.

Enter the following properties for the standard reason.

Table 12: General Master Data for a Standard Reason
  • Standard reason: Reason text as displayed in the Web Portal.
  • Description: Spare text box for additional explanation.
  • Automatic Approval: Specifies whether the reason text is entered automatically by One Identity Manager into the rule violation. Do not set this option if you want to select the standard reason in the Web Portal.
  • Additional text required: Specifies whether an additional reason should be entered in freely formatted text for the exception approval.

Predefined Standard Reasons

One Identity Manager supplies predefined standard reasons. One Identity Manager adds these standard reasons to the rule violations if approval is automatic.

To display predefined standard reasons

  • Select the category Identity Audit | Basic configuration data | Standard reasons | Predefined.