Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager 8.1.4 - Company Policies Administration Guide

Company policies
One Identity Manager users for company policies Basic data for company policies Defining company policies Checking company policies Creating custom mail templates for notifications
Mitigating controls General Configuration Parameter for Company Policies

Notifications about policy violations without exception approval

Table 20: Configuration parameters for notifications about policy violations
Configuration parameter Meaning if Set
QER | Policy | EmailNotification | NotPermittedViolation

This configuration parameter contains the name of the mail template which is sent if a new rogue policy violation occurs.

Policy supervisors are notified if new policy violations are discovered during a policy check and these cannot be granted exception approval.

Prerequisites

  • The Exception approval allowed option is not set for the company policy.
  • An application role for Policy superviors is assigned to the company policy.
  • Employees are assigned to this application role.

To inform a policy supervisor about policy violations

  • Set "QER | Policy | EmailNotification | NotPermittedViolation" in Designer.

    Notification, using the "Policy - prohibited violation occurred" mail template, is sent by default to all policy supervisors.

TIP: To use something other than the default mail template for these notifications, change the value of the configuration parameter.

Approval status of a policy violation

Edit policy violations in the Web Portal. You can also get an overview of the approval status of each policy violation in the Manager. To do this, open the overview form of the enabled company policy whose policy violations you want to look at. You will see new, granted, and denied policy violations here.

To display details of a policy violation

  1. Select the form element for the policy violation and make the list entries visible.
  2. Click the policy violation you want to view.

    This opens the policy violation master data form, which shows you an overview of the object that caused the violation, the approval status and the exception approver responsible.

Related topics

Creating custom mail templates for notifications

A mail template consists of general master data such as target format, importance, or mail notification confidentiality, and one or more mail definitions. Mail text is defined in several languages in the mail template. This ensures that the language of the recipient is taken into account when the email is generated.

In One Identity Manager, there is a Mail Template Editor to simplify writing notifications. You can use the Mail Template Editor to create and edit mail texts in WYSIWYG mode.

To edit mail templates

  1. In the Manager, select the Company Policies | Basic configuration data | Mail templates category.

    This shows all the mail templates that can be used for policy checks in the result list.

  1. Select a mail template in the result list and run the Change master data task.

    - OR -

    Click in the result list.

    This opens the mail template editor.

  2. Edit the mail template.

  3. Save the changes.

To copy a mail template

  1. In the Manager, select the Company Policies | Basic configuration data | Mail templates category.

    This shows all the mail templates that can be used for policy checks in the result list.

  1. Select the mail template that you want to copy in the result list and run the Change master data task.

  2. Select the Copy mail template task.

  3. Enter the name of the new mail template in the Name of copy field.

  4. Click OK.

To display a mail template preview

  1. In the Manager, select the Company Policies | Basic configuration data | Mail templates category.

    This shows all the mail templates that can be used for policy checks in the result list.

  1. Select a mail template in the result list and run the Change master data task.

  2. Select the Preview task.

  3. Select the base object.

  4. Click OK.

To delete a mail template

  1. In the Manager, select the Company Policies | Basic configuration data | Mail templates category.

    This shows all the mail templates that can be used for policy checks in the result list.

  1. Select the template in the result list.
  2. Click in the result list.
  3. Confirm the security prompt with Yes.

General properties of a mail template

The following general properties are displayed for a mail template:

Table 21: Mail template properties

Property

Meaning

Mail template

Name of the mail template. This name will be used to display the mail templates in the administration tools and in the Web Portal. Translate the given text using the button.

Base object

Mail template base object. A base object only needs to be entered if the mail definition properties of the base object are referenced.

Use the QERPolicy or QERPolicyHasObject base object for notifications about policy violations.

Report (parameter set)

Report, made available through the mail template.

Description

Mail template description. Translate the given text using the button.

Target format

Format in which to generate email notification. Permitted values are:

  • HTML: The email notification is formatted in HTML. Text formats, for example, different fonts, colored fonts, or other text formatting, can be included in HTML format.

  • TXT: The email notification is formatted as text. Text format does not support bold, italics, or colored font, or other text formatting. Images displayed directly in the message are not supported.

Design type

Design in which to generate the email notification. Permitted values are:

  • Mail template: The generated email notification contains the mail body in accordance with the mail definition.
  • Report: The generated email notification contains the report specified under Report (parameter set) as its mail body.
  • Mail template, report in attachment: The generated email notification contains the mail body in accordance with the mail definition. The report specified under Report (parameter set) is attached to the notification as a PDF file.

Importance

Importance for the email notification. Permitted values are Low, Normal, and High.

Confidentiality

Confidentiality for the email notification. Permitted values are Normal, Personal, Private, and Confidential.

Can unsubscribe

Specifies whether the recipient can unsubscribe email notification. If this option is set, the emails can be unsubscribed through the Web Portal.

Deactivated

Specifies whether this mail template is disabled.

Mail definition

Unique name for the mail definition.

Language

Language that applies to the mail template. The recipient's language preferences are taken into account when an email notification is generated.

Subject

Subject of the email message.

Mail body

Content of the email message.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating