Alerts
Alerts are created using IdentityIQ File Access Manager (FAM) based on activity data – actions users take on resources that are part of an application that FAM is monitoring. FAM can be configured to create alerts when the user action is considered unexpected, potentially risky, or inappropriate. It is possible to configure alerts for any behavior. You can choose to use this functionality more broadly (e.g. for non-risky or non-problematic activities that someone wants to use as a process trigger).
This integration additionally enables you to trigger actions in IdentityIQ in response to an alert. Specifically, alerts aggregated into IdentityIQ can be used to drive three different response actions, and a single alert can trigger more than one of them:
- Launch a certification
- Launch a workflow
- Send an email notification
Alerts Page
Use the Alerts page to view existing alerts for your enterprise. To limit the number of alerts displayed in the table, use the filtering options.
Alert Page Details
Name - The name of the alert.
Source - Application associated with the alert.
Native Id - Native identifier of the application with which the alert is associated.
Type - Alert type.
Target Type - Type of the object that triggered the alert.
Target Name - Name of the object that triggered the alert.
Alert Date Start - Date and time at which this alert was triggered.
Alert Date End - Date and time at which this alert expires.
Last Processed Start - Last date and time this alert was triggered.
Last Processed End - Last date and time this alert process finished.
Acted Upon - Select True if this alert matched an alert definition and an alert action was triggered.
Create Alert Definition
The Create Alert Definition page contains the following information:
Details
Name - A descriptive name of this alert. This is the name that displays on the Alerts page.
Display Name - Label that is displayed on the alert.
Description - A brief description of the alert.
Owner - The alert owner, not necessarily the identity who triggered the alert.
Match Rule - Enables more complex matching logic.
+Add - Option to add a Match Term.
Source - Application name that triggers the alert.
Attribute - The display name of an account attribute derived from the attribute and its associated application.
Value - Value for the selected attribute that will trigger an alert during alert processing.
Action Type - Action to be taken when the alert is created. This can either be a notification, certification, or a workflow, or a combination of the available actions.
Email Template - Template used for the notification email. If none is selected, a system default is used.
Email Recipients - List of users to receive the alert notification.
How to Create an Alert Definition
Alerts are created using the Alert Definitions tab. Use this procedure to create a new alert.
Procedure
- Click the Alert Definitions tab on the Alerts page.
- Click +New.
- Enter the alert information.
- Click Save to save the alert and return to the Alerts page.
Edit Alert Definitions
Use the Edit Alert Definition page to edit existing rules. The Edit Alert Definitions page contains the following information:
Name - A descriptive name of this alert. This is the name that displays on the Alerts page.
Display Name - Label that is displayed on the alert.
Description - A brief description of the alert.
Owner - The alert owner, not necessarily the identity who triggered the alert.
Source - Application name that triggers the alert.
Attribute - The display name of an account attribute derived from the attribute and its associated application.
Value - Value for the selected attribute that will trigger an alert during alert processing.
Match Rule - Enables more complex matching logic.
Action Type - Action to be taken when the alert is created. This can either be a notification, certification, or a workflow, or a combination of the available actions.
Workflow - Defines the workflow structure and steps involved in the workflow processing.
Email Template - Template used for the notification email. If none is selected, a system default is used.
Email Recipients - List of users to receive the alert notification.
How to Edit an Alert Definition
Alerts are edited in the Alert Definitions tab. Use this procedure to edit existing alerts.
Procedure
- Click the Alert Definitions tab on the Alerts page.
- Select an alert and click Edit in the Actions column.
- Enter the alert information.
- Click Save to save the alert and return to the Alerts page.
How to Filter Alerts
Use the filtering options to limit the number of alerts displayed in the table. You can filter by any field. Use this procedure to filter through existing alerts.
- Click the Alert tab on the Alerts page.
- Click Filter.
- Enter filtering criteria, such as type, source, and alert start and end dates.
- Click Apply to save the filter options. The filter button turns green to alert you that filtering conditions have been applied.
- To clear filters, click the Filter button to open the filter criteria section, and click Clear.