Previous Topic: Deploy Self-Service and Password Management

Next Topic: Deploy Workflow Approvals

Deploy Identity Policies

An identity policy is a set of business changes that occurs when a user meets a certain condition or rule. You can use identity policies to provide business-driven entitlements before a complete delegation model is deployed. For example, you can create an identity policy that assigns the Sales Manager provisioning role, which grants access to sales applications, to all users whose title is Sales Manager. When a sales representative is promoted to Sales Manager, he automatically receives access to all of the systems he needs to do his job without waiting for administrator involvement.

To deploy identity policies, you complete the following steps:

  1. Configure identity policies that are triggered by changes to user profile attributes.
  2. Configure the User Manager role to allow a small number of administrators to use user tasks, such as Create User and Modify User, to change the attributes that trigger the identity policies.

    Be sure to configure the scope rules in the User Manager member policies to determine the set of users that role members can manage.

Note the following when deploying identity policies:

Note: For more information about identity policies, see the Administration Guide.

More information:

Identity Policy Optimizations