Advance Policy Malfunction

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Which IIQ version are you inquiring about?

8.4

Hi Experts,

image
image2473×770 36.6 KB

I would like to seek your advice regarding Advanced Policy configuration.

Recently, I created an advanced policy, but I noticed it is not taking effect during access requests—even though the conditions seem to match.

Scenario:

  • Roles that are not having approval type not equals to “Defined Approvers” should not be allowed to be requested.

To enforce this, I created an advanced policy with a rule that should trigger when:

workerBadgeType == "BB" && approvalType != "Defined Approver"

However, it doesn’t appear to be working as expected.

2

Hi @Bernardc ,

I hope policy is Active. Can you try evaluating policy by running refresh Identity cube task by specifying the specific policy Name to an user who is in violation of the policy and check if its working. If it works there it should work in access request.

Also, can you please share policy rule?

3

Hi @dheerajk27 ,

Yes, checked the policy is active and we see 13 policy violation is from this particular policy as well.

image
image1252×312 10.6 KB

image

Below is the selection method:

image
image1999×368 19.5 KB

But it is still not work in access request.

4

It seems the Identity refresh is able to detect the violations but you only have issue with Access Request not detecting it. What is policyScheme set in your Access Request workflow that you have configured for your environment? I believe it should be interactive or fail for you to see the violations during the access request process.

1 Like
5

Hi @SanjeevIAM ,

Which means I should change the string value of the policy scheme workflow to fail/interactive to make it works?

image
image2202×663 27.5 KB

But I found out with this “continue” value it works with my previous policy as well. Just the new policy is not work.

7

Hi Experts,

I found that a policy violation is triggered during an access request only when the user is not in the policy violation list. Is this the expected behavior?

Policy Violation pop up occur for “Brace” in access request:

image
image856×526 14.6 KB

Policy Violation do not include “Brace” test id:

image
image2527×242 19.3 KB

8

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.