A scan runs selected audit policies on individual users or organizations. You might want to scan a user or organization for a specific violation or execute policies not assigned to the user or organization. Launch scans from the Accounts area of the interface.
You can also launch or schedule an audit policy scan from the Server Tasks tab.
In the Administrator interface, select Accounts from the main menu.
In the Accounts list, perform one of these actions:
Select one or more users, and then select Scan from the User Actions options list.
Select one or more organizations and then select Scan from the Organization Actions options list.
The Launch Task dialog displays. Figure 15–1 is an example of the Launch Task page for an audit policy user scan.
Enter a title for the scan in the Report Title field. (required)
Specify the remaining options.
These options include:
Report Summary: Enter a description for the scan.
Add Policies: Select one or more audit policies to run. You must specify at least one policy.
Policy Mode: Select a policy mode, which determines how the selected policies interact with users who already have policy assignments. Assignments can come directly from the user or from the organization to which the user is assigned.
Do not create violations: Enable this box if you want audit policies evaluated and violations reported, but do not want compliance violations to be created or updated, and do not want remediation workflows to be executed. Task results from the scan do show which violations would have been created, making this option useful when testing audit policies.
Execute Remediation Workflow?: Enable this box to run the remediation workflow assigned in the audit policy. If the audit policy does not define a remediation workflow, no remediation workflow will run.
Violation Limit: Edit this box to set the maximum number of compliance violations that can be emitted by the scan before it aborts. This value is a safeguard to limit risk when running an audit policy that may be overly aggressive in its checks. An empty value means no limit is set.
Email Report: Enable this box to specify recipients for the report. You might also have Identity Manager attach a file containing a report in CSV (comma-separated values) format.
Override default PDF options: Enable this box to override the default PDF options.
Click Launch to begin the scan.
To view the reports resulting from an audit scan, view the Auditor Reports.