Good day to you! I’m going to try to go through your statements/questions one by one to the extent that I have references available…
- Policy Violation Work Item needs additional context
The first thing to do here is to ensure that your Policy configuration is complete. When configuring the policy rules (constraints), you can configure a description, mitigating control text, remediation advice text, and a Violation rule (often referred to as a Violation Formatting Rule) for each policy rule/constraint you define inside a policy. See the Violation rule in https://community.sailpoint.com/t5/Technical-White-Papers/Rules-in-IdentityIQ-7-0-and-later-versions/ta-p/78176 for more info on that.
Finally, if the Policy triggers a Workflow, you can build a custom form in the workflow to present the Policy Violation to users to act using standard workflow customization techniques.
Note that all of this is focused on the Work Item as it is presented to the user - I’m not sure how this will translate into a report. That said, I do know that the OOB Policy Violation report can be modified to add a column for the constraint that was violated as well:
<ReportColumnConfig field="constraintName" header="Constraint" property="constraintName" sortable="true" width="255"/>
- Policy Violation Work Item only has Allow option
This ties to both what your Policy’s certificationActions are, as well as your Compliance Manager settings (specifically, I believe you also need Enable Allow Exception Popup checked).
- Include Policy Violations in a Certification
There is an option in the Certification configuration to Include Policy Violations. It should be noted that this will only include Active violations - not violations that have been mitigated or remediated or closed.