Skip to main content

Issue policies

Definition

Soffid has defined automatic events by default. For each of these events, it is possible to define the tasks to be performed and configure them.

You can find this functionality in the following path:

Main Menu > Administration > Configuration > Security settings > Issue policies

The default events are the following;

Issue Type Description
account-created The Sync Server detects when a new account is created.
disconnected-system The Sync Server detects that some target system is offline.
discovered-host The Sync Server detects a new host in the network
discovered-system The Sync Server detects a new system in a host
duplicated-user The system detects that there are duplicate users, or when the task is generated from the user management.
enabled-account-on-disabled-user Enable account on disabled user
failed-job The system detects job failures.
global-failed-login The number of session start failures exceeds the threshold of 0.8.
integration-errors The number of errors in an agent's queue is increased.
locked-account An account has been blocked for exceeding the maximum number of login attempts.
login-different-country Soffid detects a new login from a different country.
login-from-new-device Soffid detects a new login from a new device.
login-not-recognized Soffid detects a login not recognized.
otp-failures An OTP is blocked for exceeding the number of attempts.
pam-violation Any of the rules of the PAM are violated.
password-changed Password change detected.
permissions-granted When it is detected that permissions have been given to a user on the end-system.
risk-increase The risk level of a user is increased.
robot-login It is detected that someone who has not passed the CAPTCHA is trying to log in to the IdP.
security-exception Unauthorized access to the console via WS or admin console occurs.

Screen Overview

image-1689689114657.png

image-1686554911612.png

  1. Roles

Standard attributes

  • Issue type: by default, some issues type are defined in Soffid Console. 
  • Description: a brief description of the issue.
  • Action:
    • Ignore: the action will be ignored, and no additional actions will be run.
    • Record: the action will be recorded and an issue with the status Acknowledged will be created. The actions configured for the Acknowledged status will be run.
    • Manage: a new issue will be created in the New status and the action configured for this status will be run.
  • Assigned role: the role who will be the owner of the created issues.
  • Actions list: list of actions to be taken when this issue occurs. You can choose one or more actions from the list and configure them:
    • Issue status: it is used to determine the point when the action will be launched.
      • New.
      • Acknowledged.
      • Solved.
      • Solved - Not a duplicate.
    • Actions:  
      • Notify affected user: this allows you to configure an email that will be sent to the affected users.
      • Send custom email: this allows you to configure a custom email that will be sent to specific users.
      • Run script: allows you to type a script that will be performed
      • Look affected accounts: allows you to configure an email that will be sent to the owner user.
      • Look affected host.
      • Notify issue owner by email.
      • Acknowledge.
      • Start new process.: allows you to configure the workflow that will be run.
    • Description: a brief description of the action you are defining.

Note that it will be necessary to restart the Sync Server when changing the action of an issue.

Actions

Issue policies query action

Download CSV file Allows you to download a CSV file with the issue policies data.

Issue policy detail

Add new

Allows you to add a new action to the issue policy. You can choose the action from the action list. Depending on the selected action, you must fill in different information.

Once the information will be filled in, you need to close the window and Apply the changes.

Delete

Allows you to delete one or more actions from the actions list.

&&TODO&&

Apply changes Allows you to update the changes made to the issue policy.
Undo Allows you to quit without applying any changes.