There are additional configuration steps required to implement the Identity De-Provisioning Control.
You must enable each endpoint system to audit the desired user events. This process defines which events are sent to Sentinel to track. The endpoint systems are the systems that are part of the Identity Manager solution. For example, eDirectory or Active Directory are endpoint systems.
Configuration steps for each endpoint system are different. For example, in eDirectory you set the events to track on the properties of each object. You need to track events that are related to user authentication, such as, when a login or logout occurs. Figure 4-1 is an example of enabling events on the server object.
Figure 4-1 Enabling Audit Events on eDirectory
This rule detects unauthorized access to enterprise resources. The rule contains two actions that need to be configured for your enterprise.
The correct alias account that receives the e-mail alerts must be configured.
In the Sentinel Control Center, select
.Select
, then click .Add the correct alias in the
field, then click .The Sentinel workflow that reports unauthorized access must contain a valid value for the person that receives the reports.
In the Sentinel Control Center, select
.Select
, then click .Specify the correct user name in the
field, then click