Edit Activity Rule Page

Use the Edit Activity Policy Rule page to define new rules for activity polices or edit existing rules. Rules are used to monitor the activities performed by users within your enterprise.

To create or edit a policy, see Working with Policies.

For an overview of developing and using rules in IdentityIQ, see Rules and Scripts in IdentityIQ.

To access the Edit Activity Rule Page, navigate to Setup > Policies, select the Activity Policy and then scroll down to the bottom of the page. Select an existing rule from the table or click Create New Rule. The following information is displayed on the Edit Activity Policy Rule page:

 

Field Name

Description

Activity Rule:

Summary

A brief summary of this rule. This information is displayed in the Rules column of the Rules table on the Edit Policy page.

Description

A brief description of the rule.

Policy Violation Owner

The person responsible for taking action on the policy violations. This can be a specific identity, the manager of the user in violation of the policy, or someone selected according to a rule.

You can also assign owners to each individual rule that makes up the policy. If you assign an owner at the rule level, it overrides the policy-level violation owner.

Note: Click the [...] icon to launch the Rule Editor to make changes to your rules if needed.

If the notification option is enabled, only the owner receives a work item; the observers only receive email notifications.

Violation formatting rule

A violation formatting rule adds extra information to a policy violation, like an extra description, or the relevant applications that contain attributes that contributed to the violation.

If you want to use a rule to control violation formatting, select a violation rule from the dropdown list. Violation formatting rules are defined when your system is configured.

Note: Click the [...] icon to launch the Rule Editor to make changes to your rules if needed.

Violation business process

Business processes can be used to define how violation work items are assigned, or how to handle the violation based on decision made on the work item. If you want to use a business process for the violation, select the business process from the dropdown list.

A business process specified here for the entire policy will be overwritten by any business process that is specified as part of a policy rule on the Edit Rule pages.

Disabled

Enable or disable the policy.

Compensating Control

A description of exceptions or compensating factors that apply to this rule. For example, certain policies or rules might not apply to users at the executive level in your organization.

This field is for documentation purposes only. Information entered here does not impact risk scoring associated with this rule or the reporting of policy violations.

See Compensating Controls and Correction Advice.

Corrective Advice

Text entered in this field is displayed if a violation of this policy appears on a certification request and is selected for revocation. Use this field to enter information that can be used by a certifier to make the correct revocation decision.

See Compensating Controls and Correction Advice.

Identity Filters:
Enable you to identify which types of identities should be considered when scanning activities for violations of this policy. These filters can be grouped and controlled using AND / OR operations and be as simple or complex as needed.
The Add a Filter box is used to create the individual filters, the Filter(s) box is used to view and manipulate the existing filters.

Operation

The operation used to control the interaction between the filters.

Field

A distinguishing characteristic associated with the identity type for which you are searching. The dropdown list contains all of the categories by which identities can be differentiated.

Search Type

The qualifier associated with the attribute value. For example, equals or is like.
The choices in this dropdown list are dependent on the Field specified.

Value

The value of the attribute.

Ignore Case

Specifies whether case should be a factor when scanning for the value specified.

Activity Filters:
Enable you to select which types of activities should be considered violations of this policy. You can also choose Time Periods in order to define when this activity is considered a violation of this policy.

Time Periods

The time periods during which the activity is in violation of the policy.

For example, if someone is logging into a sensitive application on the weekends or during non-office hours it might be a violation. The time periods are configured during the deployment of IdentityIQ.

Operation

The operation used to control the interaction between the filters.

Field

A distinguishing characteristic associated with the action for which you are searching. For example, start or end date, or the data source on which the action occurred.

Search Type

The qualifier associated with the field value. For example, equals or is like.

The choices in this dropdown list are dependent on the Field specified.

Value

The value of the attribute.

Ignore Case

Specifies whether case should be a factor when scanning for the value specified.

Run or View Simulation

Use the simulation option to simulate the policy rule before you make it active in your production environment.

Before testing the rule, make sure the names of rules are unique in a policy.

When you run a simulation for a single the rule, only the rule is disabled. The state of the policy is NOT changed.

When you run a simulation for all the enabled rules in a policy, the state of the policy is changed to inactive. To activate the policy, you must change the state to Active and save the changes to the policy.