18.4 Downloading and Importing Separation of Duties Policies

You can download SoD policies and import them later into an Identity Governance environment. The download will either generate a single JSON file or a Zip file depending on the options you select during download, such as associated applications and referenced roles. In addition to downloading the SoD policy definitions, you can download the list of SoDs as a CSV file.

To download and import SoD policies:

  1. Log in as a Customer, Global, or Separation of Duties Administrator

  2. Under Policy, select SoD.

  3. To download a list of policies with name, description, and state as a CSV file, select Actions > Download all as CSV in the Separation of Duties Policies tab.

  4. To download one or more policy definitions:

    1. Select one or more policies from the list, then click Actions > Download Definitions.

    2. Type the policy name or a meaningful description.

    3. (Optional) Download included references, associated applications, business roles, and technical roles.

    4. Select Download.

  5. Select the download icon on the top title bar to access the saved file and download the file.

  6. (Optional) Delete the downloaded files from the download area in Identity Governance.

    If you do not manually delete files, Identity Governance will automatically delete files based on your default download retention day settings. For information about customizing download settings, see Section 3.9, Customizing Download Settings.

  7. To import policies, click Import Separation of Duties Policies on the Policy > SoD page.

  8. Navigate to the JSON or zip file, select the file to import, and click Open.

  9. Identity Governance detects whether you are importing new or updated policies and whether the updates would create any conflicts.

  10. Select how to continue based on what information is displayed.

  11. (Conditional) If you import more than the preconfigured threshold for the number of policies that can be displayed on the import page, Identity Governance will switch to bulk import mode. When in bulk mode, instead of selecting whether to create, update, or handle conflicts for specific policies, you can select to import all new policies and update all existing policies. For conflicts, you can choose to either overwrite existing policies or create new policies.

    NOTE:The default value for policies that can be displayed is 200 or the value specified in com.netiq.iac.importExport.maxImportsToDisplay property.

  12. (Optional) Download the auto-generated import report from the download area. The import report will identify what was imported as well as call out any unresolved references.