Configuring compliance alert rules

Configure compliance alert rules to specify when compliance alerts are sent.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

Before you can configure policy enforcement behavior on a service in IBM Verify Identity Governance, you must create a service instance.

About this task

IVIG must make an informed decision about which account change operations are granting additional privileges and which are revoking privileges for noncompliance resolution. This decision allows users to be informed about accounts that are disallowed or privileges to be revoked before IVIG removes it from the user. For multi-valued attributes, IVIG accomplishes this choice through a simple subset relation. For single-valued attributes, IVIG consults privilege rules to differentiate between granting and revoking actions.

If no privilege rules are defined for an attribute, then any change in a single-valued attribute is assumed to be a revoke action that leads to creation of a compliance alert.

Procedure

To configure compliance alert rules, complete these steps:

  1. From the navigation tree, click Manage Services.
    The Select a Service page is displayed.
  2. On the Select a Service page, complete these steps:
    1. Type information about the service in the Search information field.
    2. In the Search by field, specify whether to search against services or business units.
    3. Select a service type from the Search type list.
    4. Select a status from the Status list, and then click Search.
      A list of services that matches the search criteria is displayed.
      If the table contains multiple pages, you can:
      • Click the arrow to go to the next page.
      • Type the number of the page that you want to view and click Go.
  3. In the Services table, click the icon (Context menu icon) next to the service to show the tasks that can be done on the service, and then click Configure Policy Enforcement.
    The tasks that you can do are dependent on the type of service.
    The Select Action page is displayed.
  4. On the Select Action page, select Alert, and then click Continue.
    The Configure Policy Enforcement Behavior notebook is displayed.
  5. On the General tab of the notebook, complete the following steps:
    1. In the Alert name field, type a descriptive name for the alert.
    2. Select the participants to receive the alerts.
      The participant fields vary, depending on the type of participants you select.
    3. Specify the time intervals.
    4. Select the process types for which an alert is generated.
      If no process type is selected, the system automatically corrects a noncompliant account for that process type. The correction can modify or delete the account.
  6. Optional: On the E-mail tab of the notebook, either use the default template, or provide text for the alert notification email message.
  7. Click Submit.
    A confirmation page is displayed.
  8. On the Confirm page, specify the date and time for the enforcement action to occur, and then click Submit, or click Cancel.

Results

A message is displayed, indicating that you successfully saved the policy enforcement settings for the service.

What to do next

View the status of the request, or click Close. When the Select a Service page is displayed, click Refresh to refresh the Services table.