IGA 7.1.1

Policies

The policies feature allows for the creation of policy rules that define combinations of user details, roles or assignments, which constitute policy violations. When a scan is performed against a policy, violations are created for users based on the rules of the policy. The owner of the violation can choose to remove the violation via remediation or grant an exception to the user and allow the violation to exist for a defined period of time.


Managing policy violations

Policy violations are created as a result of scans against policies and assigned to an owner specified in the policy. The violation details the policy violated, the user in violation, the date it was detected, and a description of the policy itself.

To view the list of violations currently assigned to you or to a role you belong to, navigate to the Violations tab of the My Review Tasks screen.


Violation table

  • Display columns

    • User

      • Description: User who has violated the policy

      • Searchable: Yes, by userName

      • Sortable: No

    • Policy

      • Description: Name of the policy the user violated

      • Searchable: Yes

      • Sortable: Yes

    • Owner

      • Description: User or role assigned as owner of the violation

      • Searchable: No

      • Sortable: No

    • Expiration Date

      • Description: Date the violation task must be completed by

      • Searchable: No

      • Sortable: Yes

Viewing an active violation

To view the details of a specific violation, find it in the violations table and click on it. The View Violation page then appears with more details on the policy violation. The following fields are visible on the page:

  • Target User: The user who violated the policy

  • Policy Owner: The user or role who is assigned the violation task

  • Violation Detected: Date that the violation was found

  • Expiration Date: Date that the task will expire

  • Policy Name: Policy that was violated

  • Policy Description: Description of the policy that was violated

  • Comments: Any comments on the violation will appear at the bottom of the violation view screen

    • Date: Date comment was made

    • Comment: The message that was added

    • By: The person who made the comment

  • Action Buttons

    • Add Comment

    • Remediate

    • Grant Exception

Violation actions

Violation owners have three available actions for the violation tasks assigned to them: Add Comment, Remediate, or Grant Exception. Each action is described below.


Add comment

Users can add a comment to a violation for any number of reasons: to leave a note for themselves to follow up on the violation, to explain an upcoming decision, or to remind another member of their role to take a certain action. To add a comment, click the Add Comment button, which reveals a simple comment form. Type the comment into the text field and click the ‘Submit Comment’ button to save the comment to the violation. Once submitted, the comment appears in the comments section of the violation.


Remediate

If the violation owner decides that the user should not be violating the policy in question and needs their access remediated, they can click the ‘Remediation’ button in the violation action buttons row. When clicked, the violation is immediately sent to the remediation workflow defined within the policy.

Grant exception

If the violation owner determines that the user has violated the policy under circumstances that should allow the violation to continue for a period of time, they can grant an exception to the violation. To do so, click the ‘Grant Exception’ button in the violation actions row. This expands a form for submitting an exception, which includes selecting an expiration date for the exception and entering a comment justifying why the exception was granted. Once the form is complete, clicking ‘Submit Exception’ completes the violation task without taking any steps to remediate the access that violated the policy.
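The scan-and-exception lifecycle this page describes (a policy rule over role combinations, a scan that raises one violation per offending user, and a time-boxed exception), as an added Python model that is not IGA's own code. The policy, users, dates and justification are constructed for the example, and the behaviour that an expired exception lets the next scan re-detect the violation is an assumption of the model, not a statement about the product.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Policy:
    name: str
    description: str
    owner: str                    # user or role that owns the resulting violations
    conflicting_roles: frozenset  # holding ALL of these roles is a violation

@dataclass(frozen=True)
class PolicyException:
    user: str
    policy: str
    start: date
    end: date                     # expiration date chosen when granting the exception
    justification: str

    def active_on(self, day: date) -> bool:
        return self.start <= day <= self.end

@dataclass(frozen=True)
class Violation:
    user: str
    policy: str
    owner: str
    detected: date
    description: str

def scan(policy: Policy, users: dict, exceptions: list, today: date) -> list:
    """Users holding every conflicting role, minus those with an active exception."""
    found = []
    for user, roles in users.items():
        covered = any(e.user == user and e.policy == policy.name and e.active_on(today)
                      for e in exceptions)
        if policy.conflicting_roles <= roles and not covered:
            found.append(Violation(user, policy.name, policy.owner, today, policy.description))
    return found

# Constructed sample data (not from IGA): a separation-of-duties policy.
SOD = Policy("AP SoD", "No user may both enter and approve invoices",
             "ap-governance-role", frozenset({"ap_clerk", "ap_approver"}))
USERS = {"alice": {"ap_clerk", "ap_approver"}, "bob": {"ap_clerk"},
         "carol": {"ap_clerk", "ap_approver"}}
EXCEPTIONS = [PolicyException("carol", "AP SoD", date(2024, 5, 1), date(2024, 6, 30),
                              "Covering approver during audit; reviewed by owner")]

def violating_users(scan_day: str) -> list:
    # Assumed model: once the exception end date passes, the next scan re-detects carol.
    today = date.fromisoformat(scan_day)
    return sorted(v.user for v in scan(SOD, USERS, EXCEPTIONS, today))
```

Scanning on 2024-06-01 reports only alice, because carol's exception is still active; scanning on 2024-07-01 reports both, since the exception has expired.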


Viewing closed policy violations

To view the details of a closed violation, navigate to the Violations tab of the My Review Tasks screen, and click on the Closed tab within the status selector row. Next, find the violation you wish to view in the violations table and click on it. The View Violation page then appears with more details on the closed policy violation. The following fields are visible on the page:

  • Target User: The user who violated the policy

  • Policy Owner: The user or role who is assigned the violation task

  • Violation Detected: Date that the violation was found

  • Exception Start Date: (if exception granted) Date that the exception was granted

  • Exception End Date: (if exception granted) Date that the exception expired

  • Completed By: User that completed the task

  • Completion Date: Date task was completed

  • Policy Name: Policy that was violated

  • Policy Description: Description of the policy that was violated

  • Comments: Any comments on the violation will appear at the bottom of the violation view screen

    • Date: Date comment was made

    • Comment: The message that was added

    • By: The person who made the comment

Closed policy violations no longer allow any actions to be taken, and so the violation action buttons are not visible on closed violations.

Copyright © 2010-2023 ForgeRock, all rights reserved.