You can define change actions that Identity Manager performs when it evaluates the identity policy. The actions include:
The actions that Identity Manager can perform when identity policies are applied or removed are the same. See the following table for more information.
Change Action |
Description |
---|---|
Add to group <group-name> [...] |
Adds users to a group. When you select this option, Identity Manager presents a screen where you can search for the group you want. |
Add to <group-name> in user's organization |
Adds users to a local group. When you select this option, Identity Manager presents a text box where you can enter the name of the group that you want. |
Set <single-value-user-attribute> to value |
Sets the value of an attribute in a user profile. If there is an existing value, Identity Manager overwrites it with the value specified in the change action. |
Add <value> to <multi-value-user-attribute> |
Adds a value to a multi-value user attribute. This option does not overwrite existing values. |
Make member of access role |
Assigns users to an access role. |
Make administrator of access role |
Make users administrators of an access role |
Make member of admin role |
Makes users members of an admin role |
Make administrator of admin role |
Makes users administrators of an admin role |
Make member of provisioning role |
Makes users members of a provisioning role, which creates associated endpoint accounts. Note: To use provisioning roles, Identity Manager must integrate with a Provisioning Server. See the Installation Guide for your application server. |
Make administrator of provisioning role |
Makes users administrators of a provisioning role. Note: To use provisioning roles, Identity Manager must integrate with a Provisioning Server. See the Installation Guide for your application server. |
Remove from group <group-name> [...] |
Removes users from a group. When you select this option, Identity Manager presents a screen where you can search for the group you want. |
Remove from <group-name> in user's organization |
Removes users from a local group. When you select this option, Identity Manager presents a text box where you can enter the name of the group that you want. |
Remove <value> from <multi-value-user-attribute> |
Removes a value from a multi-value user attribute. |
Remove member from access role |
Revokes an access role. |
Remove administrator from access role |
Revokes administrator privileges for a specific access role |
Remove member from admin role |
Revokes an admin role. |
Remove administrator from admin role |
Revokes administrator privileges for a specific admin role |
Remove member from provisioning role |
Revokes a provisioning role. |
Remove administrator from provisioning role |
Revokes administrator privileges for a specific provisioning role. |
Send audit message |
Sends a message that you create to the audit database. This message may appear in a report that you create. |
Compliance violation |
Sends a message that you create to the audit database. If you create a compliance report, the message appears each time the identity policy is applied/removed from a user. See the Configuration Guide for more information about auditing. Note: You must enable the Compliance check box on the Profile tab for the Identity Policy Set to use the Compliance Violation option. |