Policy Violations
Policies defined in IdentityIQ enable the system to evaluate an identity's access or activities and report any inconsistencies with company policies. Violations are reported to the violation owner, often the identity's manager, or the appropriate application owner. The violation owner can then permit an exception or initiate a remediation request. The following types of policy violation remediations are available:
Policy Violation Remediations for SOD Policy Violations
Only remediations for role or entitlement Separation of Duties (SOD) violations generate a provisioning request to revoke the invalid access. For example, when a manager evaluates an identity's SOD violations and determines that one of the accesses for the identity must be removed, the manager can request the revocation of the invalid access.
You can create policy violation remediation requests from:
- The policy owner's Policy Violation page, which you can access from the Manage > Policy Violations page.
- The certification on which the violation is noted.
Policy Violation Remediations for Non-SOD Policy Violations
Note: By default, you cannot remediate non-SOD policy violations with a certification or in the policy violation window.
You can perform the following actions to enable certification remediation and generate a Work Item:
- Edit the XML for any policy to include remediated as one of its certificationActions values to enable certification remediation on that policy type.
- Select the remediation option for the violation in a certification to automatically create a Work Item that informs the appropriate party of the need to manually correct the violation.
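The following is an added example, not part of the IdentityIQ documentation: a read-only audit of exported policy XML that reports which policies already list Remediated in certificationActions and the value to set by hand for those that do not. It assumes certificationActions is a comma-separated attribute on the Policy element; the sample export, policy names and type values are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample export. The attribute layout (comma-separated
# certificationActions on <Policy>) is an assumption, not taken from the page.
SAMPLE_EXPORT = """<sailpoint>
  <Policy name="Example SOD Policy" type="SOD"
          certificationActions="Remediated,Mitigated,Delegated"/>
  <Policy name="Example Activity Policy" type="Activity"
          certificationActions="Mitigated,Delegated"/>
  <Policy name="Example Risk Policy" type="Risk"/>
</sailpoint>"""


def parse_actions(raw):
    """Split a comma-separated certificationActions value into clean tokens."""
    return [tok.strip() for tok in (raw or "").split(",") if tok.strip()]


def audit_policies(xml_text, action="Remediated"):
    """Report, per Policy element, whether `action` is among its certificationActions.

    Matching is case-insensitive. `proposed` is the attribute value to set by
    hand if certification remediation should be enabled on that policy.
    Works on a single exported <Policy> or on a wrapper holding several.
    """
    root = ET.fromstring(xml_text)
    report = []
    for policy in root.iter("Policy"):
        actions = parse_actions(policy.get("certificationActions"))
        enabled = action.lower() in (a.lower() for a in actions)
        proposed = actions if enabled else [action] + actions
        report.append({
            "name": policy.get("name"),
            "type": policy.get("type"),
            "remediation_enabled": enabled,
            "proposed": ",".join(proposed),
        })
    return report


if __name__ == "__main__":
    for row in audit_policies(SAMPLE_EXPORT):
        state = "enabled" if row["remediation_enabled"] else "NOT enabled"
        print(f'{row["name"]} ({row["type"]}): certification remediation {state}; '
              f'certificationActions="{row["proposed"]}"')
```

The script only reads the export and prints a proposed value; the policy XML itself is still edited and re-imported by hand.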