Return to What's New in IdentityIQ 7.2
A new Policy Violations user interface is introduced in IdentityIQ 7.2 to make processing violations easier and more intuitive. This new UI separates key policy violation data out to multiple tabs for a cleaner review process, and moves the processing actions to a single, central page, streamlining users' access to their policy violation tasks.
Many of the fundamental ways the Policy Violations UI works are unchanged from or very similar to earlier versions of IdentityIQ. For example, the items listed in the Policy Violations UI are detected violation items, not requested items or alerts that appear as work items. Also, as in earlier releases, the My Work > Policy Items menu option will bring up a list of all the violations you are permitted to view (for example, system administrators and users with the Policy Administrator capability will see all violation items in the entire system), whereas clicking the Policy Violations tile on the home page will bring up a list of only the violation items you are an owner of.
This video gives an overview of the new Policy Violations UI
Allowing (or mitigating) a violation means you are setting a time period in which the identity is allowed to work in violation of the policy, without affecting compliance or risk.
Separation of Duties policy violations are the only policy violations that can be corrected by revoking conflicting entitlements or roles in the Policy Violations UI.
In IdentityIQ 7.1 and earlier you used an option called Correct Violation from the Violation Decision menu on the details page for an individual violation. In IdentityIQ 7.2 the button for this is labelled Revoke and is available for relevant violations on the Open tab of the main Policy Violations page.
To correct a violation by revoking role(s) or entitlements(s):
Only system administrator users can certify based on policy violations. The Certify option is, as of release 7.2., available only as a Bulk Decision.
The ability to delegate a violation must be enabled in the Compliance Manager setup page (as described below) in order for users to be able to delegate policy violations. You can delegate policy violations that are both on the Open tab and on the Complete tab.
Delegated items are always displayed on the Open tab. An item delegated from the Complete tab will move to the Open tab. Delegated items are marked as such on the Open tab.
Note: Delegated items appear in the recipient's Work Items menu (My Work > Work Items), not in the Policy Violations UI.
System administrators can enable or disable the delegation of policy violation items.
You can edit decisions from the Complete tab after a you allow a violation. Click the three-line ("hamburger") menu and choose Edit Decision. Note that revocation decisions can not be edited here; they can only be viewed.
You can also edit a decision on the Open tab after you make the decision, but before you save the decision. When you have clicked Allow or Revoke for a violation item, an Edit Decision option becomes available in the three-line ("hamburger") menu. Note that once you save your decision(s), this Edit Decision option is no longer available in the Open tab.
Helpful Info. Have got 2 quick questions:
1. If we need to programmatically trigger the identity certification when VO clicks on Certify. How can we achieve this. We have all disconnected type applications.
2. On revoke, I am seeing a pop-up where VO has to choose the remediator, how can I restrict that pop-up.
,
Thanks
Sourabh
1. Can we delete Completed items in Complete Tab?
2. Can we delete/refresh old items in both the tabs?
- without using debug.
Because I am facing issue in this scenario:
User has A - B has conflict , Action taken B revoked . (this item is in completed tab)
now new C assigned and A-C also have conflict
but it is not detected. When I deleted the old completed item from debug. It got detected.
Please help!! (using 8.0p1)
Re: neetikam
For 1. I believe you need to uncheck "Keep Previous Violations" from your Identity Refresh task where you are checking for Active Policies
How is the 'Allowed' and 'Revoked' status in the completed tab set ?
What property is it based out of ?
We are moving the violation items to completed tab and via custom code(by changing status on the violation item) but it is not showing 'Allowed' or 'Revoked' status on UI.
Can someone help ?