The Identity De-Provisioning Control contains a set of reports and rules to monitor common identity de-provisioning and access violation actions within the enterprise.
Employee Termination Violation: A report that lists any attempts to access enterprise resources by terminated employees.
IdT - Identity Terminated Employees Rule: A rule that identifies the terminated employees within the enterprise.
IdT - Remove Reactivated Employees Rule: A rule that identifies the reactivated employees within the enterprise.
IdT - Unauthorized Access By Terminated Employees Rule: A rule that identifies unauthorized access by terminated employees within the enterprise.
This control makes a series of assumptions about how terminated employees are handled in the enterprise.
Terminated employees are simply designated as being no longer employed. The Resource Kit enforces this standard by setting the employeeStatus attribute to Inactive for all terminated employees. For more information about this process, see Termination Business Logic in the Identity Manager Resource Kit 1.2 Architecture Reference Guide.
If your enterprise identifies terminated employees by another method that does not use the employeeStatus attribute, modify the IdT - Identify Terminated Employees Rule accordingly.
Modifying the status of the employee automatically triggers disabling of all associated accounts, ensuring that the user no longer has access to enterprise resources. If this is not the case in your environment (for example, if former employees are still allowed to use an e-mail account), you might need to modify the IdT - Unauthorized Access By Terminated Employees rule to filter out events from those special accounts.
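As an added illustration, not the Resource Kit's or Sentinel's own rule syntax (which this page does not show), the three IdT rules and the Employee Termination Violation report are modelled in Python over a constructed identity feed and constructed access events; the user names, resource names and the exempt-resource filter are assumptions.

```python
from typing import Dict, Iterable, List, Set, Tuple

Identity = Dict[str, str]
Event = Tuple[str, str]  # (user, resource) as seen by the correlation engine

def identify_terminated(identities: Iterable[Identity]) -> Set[str]:
    """IdT - Identify Terminated Employees: the Resource Kit convention is
    employeeStatus == "Inactive" for every terminated employee."""
    return {i["user"] for i in identities if i.get("employeeStatus") == "Inactive"}

def remove_reactivated(terminated: Set[str], identities: Iterable[Identity]) -> Set[str]:
    """IdT - Remove Reactivated Employees: a user whose employeeStatus is no
    longer Inactive in the current feed drops out of the terminated set."""
    return terminated & identify_terminated(identities)

def unauthorized_access(events: Iterable[Event], terminated: Set[str],
                        exempt_resources: Iterable[str] = ()) -> List[Event]:
    """IdT - Unauthorized Access By Terminated Employees. exempt_resources is
    the hypothetical filter for accounts former employees may keep (e.g. e-mail)."""
    exempt = set(exempt_resources)
    return [(u, r) for u, r in events if u in terminated and r not in exempt]

# Constructed identity feed at termination time and after one reactivation.
FEED_T0 = [{"user": "jdoe", "employeeStatus": "Inactive"},
           {"user": "bwong", "employeeStatus": "Inactive"},
           {"user": "asmith", "employeeStatus": "Active"}]
FEED_T1 = [{"user": "jdoe", "employeeStatus": "Active"},  # jdoe reactivated
           {"user": "bwong", "employeeStatus": "Inactive"},
           {"user": "asmith", "employeeStatus": "Active"}]

# Constructed access events.
EVENTS = [("jdoe", "vpn"), ("asmith", "vpn"),
          ("bwong", "email"), ("bwong", "fileshare")]

def termination_violation_report(exempt: Iterable[str] = ()) -> List[Event]:
    """Employee Termination Violation report over the constructed data: the
    rules run in order, so a reactivated user is no longer flagged."""
    terminated = identify_terminated(FEED_T0)             # {"jdoe", "bwong"}
    terminated = remove_reactivated(terminated, FEED_T1)  # {"bwong"}
    return unauthorized_access(EVENTS, terminated, exempt)

if __name__ == "__main__":
    print(termination_violation_report())                  # bwong: email, fileshare
    print(termination_violation_report(exempt={"email"}))  # bwong: fileshare only
```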
To install the Identity De-Provisioning Collector:
1. Launch the Solution Manager by selecting in the toolbar in the Sentinel Control Center.
2. Select , then click .
3. Select in the left pane of the Solution Manager, then click .
4. Verify that the Identity De-Provisioning Control is listed, then click .
5. Select your correlation engine from the drop-down list as the location where the Identity De-Provisioning rules are installed.
6. Select the , then click .
7. Select whether the Crystal* server is local or remote by selecting one of the following options:
8. Specify the following Crystal server information:
   Server Name: Specify the Crystal server DNS name or IP address.
   User Name: Specify an administrative user for the Crystal server.
   Password: Specify the administrative user's password.
9. Click after you have specified the Crystal server information.
10. Review the contents of the Identity De-Provisioning Control, then click .
11. Review the installation summary, then click .