You can automate the processing of certain identity management tasks by using identity policies. An identity policy is a set of business changes that occurs when a user meets a certain condition or rule. You can use identity policy sets to:
Identity policies that enforce compliance are called compliance policies.
The business changes associated with an identity policy include:
For example, a company may create an identity policy which states that all Vice Presidents belong to the Country Club Member group and have the role Salary Approver. When a user’s title changes to Vice President and that user is synchronized with the identity policy, CA IdentityMinder adds the user to the appropriate group and role. When a Vice President is promoted to CEO, she no longer meets the condition in the Vice President identity policy so the changes applied by that policy are revoked, and new changes based on the CEO policy are applied.
The change actions that occur based on an identity policy contain events which can be placed under workflow control and audited. In the previous example, the Salary Approver role grants significant privileges to its members. To protect the Salary Approver role, the company can create a workflow process that requires a set of approvals before the role is assigned, and they can configure CA IdentityMinder to audit the role assignment.
To simplify identity policy management, identity policies are grouped in an identity policy set. For example, the Vice President and CEO policies may be part of the Executive Privileges identity policy set.
Copyright © 2013 CA.
All rights reserved.
|
|