This section describes how to access Identity Auditing features in the Administrator Interface. Email notification templates used in identity auditing are also discussed.
To create and manage audit policies, use the Compliance section of the Identity Manager Administrator interface.
Log in to the Administrator interface (Logging in to the Identity Manager End-User Interface).
Click Compliance in the menu bar.
The following subtabs (or menu items) are available in the Compliance section:
Manage Policies
Manage Access Scans
Access Reviews
The Manage Policies page lists the policies that you have permission to view and edit. You can also manage access scans from this area.
From the Manage Policies page, you can work with audit policies to accomplish these tasks:
Create an audit policy
Select a policy to view or edit
Delete a policy
Detailed information about these tasks follows in the section A Sample Audit Policy Scenario.
Use the Manage Access Scans tab to create, modify, and delete access scans. Here you can define scans that you want to run or schedule for periodic access reviews. For more information about this feature, see Periodic Access Reviews and Attestation.
The Access Reviews tab enables you to launch, terminate, delete, and monitor the progress of your access reviews. It displays a summary report of the scan results with information links that enable you to access more detailed information about the review status and pending activities.
For more information about this feature, see Managing Access Reviews.
To look up how to perform other identity auditing tasks in the Administrator interface, see Table B–8. This quick reference tells you where to go to start a variety of auditing tasks.
Identity Auditing uses email-based notification for a number of operations. For each of these notifications, an email template object is used. The email template allows the headers and body of email messages to be customized.
Table 13–1 Identity Auditing Email Templates
Template Name |
Purpose |
---|---|
Access Review Remediation Notice |
Sent to remediators by an access review when user entitlements are initially created in a remediating state. |
Bulk Attestation Notice |
Sent to attestors by an access review when they have pending attestations. |
Policy Violation Notice |
Sent to remediators by an audit policy scan when violations occur. |
Access Scan Begin Notice |
Sent to an access scan owner when an access review starts a scan. |
Access Scan End Notice |
Sent to an access scan owner when an access scan completes. |