LogoLogo
3.1.6
2.7.13Archive3.0.0Cymmetri3.1.63.1.7
3.1.6
2.7.13Archive3.0.0Cymmetri3.1.63.1.7
  • Getting Started
    • What is Cymmetri?
    • Release Notes
      • 3.0.1-Beta
      • 3.0.2-Beta
      • 3.0.3-Beta
      • 3.0.4-Beta
      • 3.0.5-Beta
      • 3.0.6-Beta
      • 3.0.7-Beta
      • 3.0.8-Beta
      • 3.0.9-Beta
      • 3.0.10-Beta
      • 3.0.11-Beta
      • 3.0.12-Beta
      • 3.1.0 - Product Release
      • 3.1.1-Beta
      • 3.1.2 - Product Release
      • 3.1.3-Beta
      • 3.1.4-Beta
      • 3.1.5-Beta
      • 3.1.6 -Beta
      • 3.1.7 - Product Release
      • 3.0.x Consolidated
      • 3.1.x Consolidated
    • Starting your Cymmetri Trial
    • Admin Dashboard
    • Accessing Cymmetri
    • Supported Web Browsers
    • Cymmetri Error Codes
    • Help
    • Personalization
      • General Config
      • Admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Tenant Branding
      • Custom Attributes
      • API Client
      • Batch Tasks
      • API Extension
    • Global Search
  • Identity Hub
    • Managing Users and Groups
      • User Management
      • User Detail
      • Create Users
      • Edit Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Delegation
        • Setting up Delegation
        • Delegating Work to Delegatee
        • Accepting Delegation
      • Suspended Users
      • Archived Users
      • All Users Session
    • Authentication
      • Identity Provider
        • Internal IDP
          • Introduction
          • Internal Identity Provider Configuration: Cymmetri
          • Internal Identity Provider Configuration: Active Directory
          • Internal Identity Provider Configuration: LDAP
        • External IDP
          • Introduction
          • External Identity Provider Configuration - Google IDP
          • External Identity Provider Configuration - Azure IDP
          • External Identity Provider Configuration - Salesforce IDP
      • Service Provider
      • Authentication Rules
      • Password Policy
      • Global Auth Policy
      • Adaptive
    • Attribute Setting
    • Password Filter
    • Logs
      • Audit Log
      • Import History
      • Scheduler History
  • Lifecycle Management
    • Application Management
      • Support for Application Management
      • Getting Started
        • Introduction to Application Management
        • Adding Applications to be managed by Cymmetri
        • Assigning Applications to End Users
        • Application Detail
        • Dynamic Forms
        • Configuring Connector Server
        • 360 Degree Recon
      • Provisioning How to
        • Cymmetri Connector List
        • Supported Provisioning Operations
        • Azure Provisioning
        • Active Directory (AD) Provisioning
        • Google Workspace Provisioning
        • LDAP Provisioning
        • Powershell Provisioning
        • REST Connector Provisioning
        • SCIM v2.0 Provisioning with Basic Authentication
        • SCIM 2.0 with Bearer Authentication
        • SCIM 2.0 with Fixed Bearer
        • Github Provisioning
        • ServiceNow Provisioning
        • AMAYA
        • HRMS
          • Darwin Box
        • Database Provisioning
        • CSV Directory (Flat-file)
        • Managing Manual Application Assignments
        • SOAP Connector (XML)
        • Integration with Service Desk Management Systems
      • Reconciliation How to
        • Configuring Reconciliation Process
      • Rules
        • Provisioning
        • Deprovisioning
    • Workflow Management
      • Workflow Configuration
      • Workflow Rules
      • Pending Workflows
      • Workflows List
    • Teams Config
    • Configuring Webhooks
    • On Demand Access
  • Single Sign On
    • Introduction
    • SSO Configuration
      • SAML 2.0 Based SSO
      • API Based SSO
      • OpenID Connect Based SSO
    • Multifactor Authentication(MFA)
      • Introduction
      • Cymmetri Authenticator
      • Push Authenticator
      • Google Authenticator
      • SMS Authenticator
      • Secret Questions
      • FIDO Authenticator
      • Admin MFA Setting
    • Passwordless
      • Introduction
      • TOTP Based
      • OTP Based
      • Consent Based
      • FIDO Based
  • My Workspace
    • Getting Started
      • Introduction
      • First Time User Registration
      • End User Login Process
      • Forgot Password & Unlock Account
      • User Settings
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • On Behalf
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
  • Governance
    • Compliance Management
      • IGA Policy Violations
    • Insights
      • Reports
      • Risk
      • Management Dashboards
        • CISO Dashboard
        • CRO Dashboard
      • Industry Compliance
    • Access Certification
      • Setting up and managing Access Reviews
    • Recommendation Engine
    • Role Management
      • Role Mining
      • Entitlements
      • Managing Roles in Cymmetri
    • Segregation Of Duties (SOD)
  • Self-Service App
  • Analytics
    • Cymmetri Analytics
Powered by GitBook

Cymmetri.com

On this page
  • Overview
  • Functional Features
  • Library of Default Violations
  • Designing New Policy Violations through Simulation
  • Scheduled Violation Reporting
  • Auto-Correction of Violations

Was this helpful?

Export as PDF
  1. Governance
  2. Compliance Management

IGA Policy Violations

Was this helpful?

Overview

This manual outlines the administration process for managing and handling policy violations within the Cymmetri Identity Governance and Administration (IGA) system. The system provides features such as maintaining a Library of Default Policy Violations, policy simulation, scheduled violation reporting, and autocorrection mechanisms. These features help ensure compliance, mitigate security risks, and maintain proper access control across the organization.

Functional Features

Library of Default Violations

The IGA system maintains a centralized Library of Default Violations, which includes predefined policy violations. These violations are categorized based on typical governance issues, such as excessive access, unauthorized role assignments, or segregation of duties (SoD) violations.

How to Access and Manage the Library

  1. Navigate to the Policy Violations Library under the Governance section.

  2. Review the list of predefined violations (e.g., Excessive Privileges, Segregation of Duties, Unauthorized Role Assignment).

  3. View detailed descriptions of each violation type, including risk levels, sample records, and suggested remediation actions.

Administrator Actions

  • View or export reports detailing current violations.

  • Modify or update violation definitions based on changes in business requirements.

  • Add new policy violations to the library, if necessary (refer Designing Policy Violations for custom violations).

Designing New Policy Violations through Simulation

The system allows administrators to design custom policy violations using the built-in Policy Simulator. This feature helps assess potential risks before applying new policies system-wide.

Steps to Design a New Policy

  1. Access the Policy Simulator Navigate to the Policy Simulation section and click on Create New Policy.

  2. Define Policy Conditions Provide a unique name, description, and select the target population. Define conditions like roles, data access, and compliance rules.

  3. Assign Violation Severity Select a Severity Level (Low, Medium, High, Critical).

  4. Simulate the Policy Click Simulate to apply the policy to the current system configuration and view results.

  5. Modify and Re-Simulate Modify conditions and rerun the simulation if necessary.

  6. Save and Enforce Save the policy to the Library of Default Violations and enforce it across the organization.

Scheduled Violation Reporting

Administrators can schedule regular reports to monitor policy violations across the organization. These reports provide detailed information on violations, risk levels, and affected users.

Steps to Schedule Reports

  1. Navigate to the Scheduled Reports section under Governance.

  2. Select the Create New Report option.

  3. Choose the Violation Types and Risk Levels to include (e.g., Excessive Privileges, High-risk violations).

  4. Set the report frequency (e.g., daily, weekly, monthly).

  5. Define Email Recipients for the report (e.g., security@company.com, hr@company.com).

  6. Save and activate the scheduled report.

Auto-Correction of Violations

To ensure prompt remediation of critical violations, the IGA system offers an Auto-Correct feature. This feature automates the process of resolving violations by initiating corrective actions, such as access reviews or approval workflows.

How to Enable Auto-Correction

  1. Navigate to the Auto-Correct Settings under the Policy Violations section.

  2. Select the violations that require auto-correction.

  3. Choose the appropriate remediation action (e.g., Access Certification Process, Approval Cycle).

  4. Enable notifications for the administrator to receive updates on actions taken.

  5. Ensure the Audit Log records all auto-correct actions for compliance and reporting purposes.

Artefact - Cymmetri Policy Library - IGA
Artefact - Cymmetri Policy Violations View
Artefact - Cymmetri Policy Simulator
Artefact - Creating New Policy
Artefact - Scheduling Policy Violation Report
Artefact- Cymmetri Policy Violation Remediation View