19.4 Downloading and Importing Separation of Duties Policies

You can download SoD policies and import them later into an Identity Governance environment. The download will generate either a single JSON file or a Zip file, depending on the options you select during download, such as associated applications and referenced roles. In addition to downloading the SoD policy definitions, you can download the list of SoD policies as a CSV file.

While importing SoD policies, if that policy references a technical role that is deactivated, then Identity Governance displays a warning. You can choose to activate the technical role and import, or continue with the import without activating it. If you select the latter, Identity Governance ignores the reference to the inactive role but allows you to activate the role later and include it in the policy.

Note that if a technical role references an SoD policy, then Identity Governance will not allow you to delete or deactivate the technical role unless the technical role is removed by the administrator, from the list of all policies that reference this technical role and prevents deactivation.

To download and import SoD policies:

  1. Log in as a Customer, Global, or Separation of Duties Administrator.

  2. Select Policy > SoD.

  3. To download a list of policies with the name, description, and state as a CSV file, select Actions > Download all as CSV in the Separation of Duties Policies tab.

  4. To download one or more policy definitions:

    1. Select one or more policies from the list, then click Actions > Download Definitions.

    2. Type the policy name or a meaningful description.

    3. (Optional) Download included references, associated applications, business roles, and technical roles.

    4. Click Download.

  5. Select the download icon on the top title bar to access the saved file and download the file.

  6. (Optional) Delete the downloaded files from the download area in Identity Governance.

    NOTE:If you do not manually delete files, Identity Governance will automatically delete files based on your default download retention day settings. For information about customizing download settings, see Section 4.9, Customizing Download Settings.

To import separation of duties policies:

  1. Log in as a Customer, Global, or Separation of Duties Administrator.

  2. Select Policy > SoD.

  3. Click Import Separation of Duties Policies.

  4. Navigate to the JSON or Zip file, select the file you want to import, and click Open.

    NOTE:Identity Governance detects whether you are importing new or updated policies and whether the updates would create any conflicts.

  5. Specify how to continue based on the information displayed.

  6. (Conditional) If you import more than the preconfigured threshold for the number of policies that can be displayed on the import page, Identity Governance will switch to bulk import mode. When in bulk mode, instead of selecting whether to create, update, or handle conflicts for specific policies, you can select to import all new policies and update all existing policies. For conflicts, you can choose to either overwrite existing policies or create new policies.

    NOTE:The default value for policies that can be displayed is 200. If you need to change the default value, use the com.netiq.iac.importExport.maxImportsToDisplay property. Contact your SaaS Operations Administrator to use the Advanced Configuration menu to add the property and specify a new value.

  7. (Optional) Download the auto-generated import report from the download area. The import report will identify what was imported as well as call out any unresolved references.