Create a Preventative Identity Policy
Before you create a preventative identity policy, you create an identity policy set, which logically groups a set of identity policies.
See Important Notes about Preventative Identity Policies before you begin.
To create a preventative identity policy set
- Open Policies, Create Identity Policy Set in the User Console. Create a new identity policy set or use an existing identity policy set as a template.
- Define the profile for the identity policy set on the Profile tab.
- Create a policy set member rule on the Policies tab.
- Create a preventative identity policy as follows:
  - Click Add.
  - Enter a name for the identity policy.
    Note: The Apply Once and Compliance settings do not apply to preventative identity policies.
  - Identify the users to which the policy applies in the Policy Condition section.
    Note: The role owner filter and the LDAP query filter are not supported for preventative identity policies.
  - In the Action on Apply Policy field, define the actions that Identity Manager takes when Identity Manager detects a policy violation:
    - Accept: Identity Manager displays a message in View Submitted Tasks that describes the violation, but allows the task to be submitted.
    - Reject: Identity Manager displays a message in the User Console and prohibits the task from submitting.
    - Warning: Identity Manager displays a message in the User Console and in View Submitted Tasks. This action can optionally trigger a workflow process.
    Identity Manager displays a text box where you can specify the message that appears when a violation occurs.
  - Specify the message in the text box.
    Note: If you are localizing the User Console, you can specify a resource key instead of text in the message field. See the User Console Design Guide for more information about resource keys.
  - Add additional actions if necessary and click OK.
Before you use the identity policy set that you created, make sure that identity policies are enabled in the Management Console. See the Configuration Guide for more information.