Sun Identity Manager 8.1 Business Administrator's Guide

Working with Identity Auditing in the Administrator Interface

This section describes how to access Identity Auditing features in the Administrator Interface. Email notification templates used in identity auditing are also discussed.

Using the Compliance Section of the Interface

To create and manage audit policies, use the Compliance section of the Identity Manager Administrator interface.

ProcedureTo Use the Compliance section to Create and Manage Audit Policies

  1. Log in to the Administrator interface (Logging in to the Identity Manager End-User Interface).

  2. Click Compliance in the menu bar.

    The following subtabs (or menu items) are available in the Compliance section:

    • Manage Policies

    • Manage Access Scans

    • Access Reviews

Manage Policies

The Manage Policies page lists the policies that you have permission to view and edit. You can also manage access scans from this area.

From the Manage Policies page, you can work with audit policies to accomplish these tasks:

Detailed information about these tasks follows in the section A Sample Audit Policy Scenario.

Manage Access Scans

Use the Manage Access Scans tab to create, modify, and delete access scans. Here you can define scans that you want to run or schedule for periodic access reviews. For more information about this feature, see Periodic Access Reviews and Attestation.

Access Reviews

The Access Reviews tab enables you to launch, terminate, delete, and monitor the progress of your access reviews. It displays a summary report of the scan results with information links that enable you to access more detailed information about the review status and pending activities.

For more information about this feature, see Managing Access Reviews.

Identity Auditing Tasks Interface Reference

To look up how to perform other identity auditing tasks in the Administrator interface, see Table B–8. This quick reference tells you where to go to start a variety of auditing tasks.

Email Templates

Identity Auditing uses email-based notification for a number of operations. For each of these notifications, an email template object is used. The email template allows the headers and body of email messages to be customized.

Table 13–1 Identity Auditing Email Templates

Template Name  


Access Review Remediation Notice 

Sent to remediators by an access review when user entitlements are initially created in a remediating state. 

Bulk Attestation Notice 

Sent to attestors by an access review when they have pending attestations. 

Policy Violation Notice 

Sent to remediators by an audit policy scan when violations occur. 

Access Scan Begin Notice 

Sent to an access scan owner when an access review starts a scan. 

Access Scan End Notice 

Sent to an access scan owner when an access scan completes.