Testing Policies

You can test the behavior and outcomes of your policies and policy rules by running a simulation of the policy. When you run simulations, the simulation tests the policy or policy rule against every identity in your system; however, it does not mark any identities as being in violation, create work items for remediating violations, or provide a list of identities in violation. It only gives you a count of the identities that are in violation of the policy or policy rule.

There are Run Simulation options at both the policy level, and the policy rule level. To run a simulation, click Run Simulation and confirm that you want to run the simulation. Running a simulation on a policy or policy rule automatically disables it, making it inactive; be sure that both the policy and policy rules have been reactivated when your testing is done.

To view the results of the simulation, open the policy and click View Simulation. (The View Simulation button replaces Run Simulation is replaced when a simulation is run.)

See Policy Simulation for more details.

You can also set a policy's state as Active or Inactive, giving you the opportunity to work iteratively on a policy, or temporarily suspend it while making updates, without impacting your daily operations. It is a good idea to leave policies inactive until you have assessed them and are certain they are functioning as intended. Individual policy rules within a policy can also be enabled or disabled as needed, without impacting other policy rules that may be part of the policy.