
Issue policies

Definition

Soffid has defined automatic events by default. For each of these events, it is possible to define the tasks to be performed and configure them.

Once the necessary issues have been configured, there are other screens for viewing and managing them.

Issue types

Below is a list of the issue types available in Soffid.

account-created
  This issue is created when the Sync Server detects that a new account has been created. This may occur after the Reconciliation process has been executed.

breached-account-password
  This issue is created when a password change for an account has been rejected because the password has been detected as breached. Be aware that you must have enabled the "Network intelligence" feature with a valid token.

breached-email
  This issue is created when the "Network intelligence verify domains" process is launched and it is detected that a user's email has been breached. An issue is created for each system in which that email is found. Be aware that to enable the process, you must have enabled the "Network intelligence" feature with a valid token.

breached-password
  This issue is created when a password change for a user has been rejected because the password has been detected as breached. Be aware that you must have enabled the "Network intelligence" feature with a valid token.

disconnected-system
  This issue is created when the Sync Server detects that some target system is offline.

discovered-host
  This issue is created when the Sync Server detects a new host in the network. This only occurs after the Network Discovery process has been executed.

discovered-system
  This issue is created when the Sync Server detects a new system in a host. This only occurs after the Network Discovery process has been executed.

duplicated-user
  This issue is created when the system detects that there are duplicate users, or when the task is generated manually from the user management screen.

enabled-account-on-disabled-user
  This issue is created when an enabled account is detected on a disabled user. This may occur after the reconciliation process has been executed.

expired-breached-password
  During login, when everything has gone well, the system also checks whether the password has been compromised. This check runs asynchronously, so the user can log in to Soffid without affecting performance. If the password has been compromised, the password and the account are marked as expired and an issue is created. The next time the user logs in, they will be asked to create a new password.

failed-job
  This issue is created when the system detects job failures. This may occur when running any scheduled task.

global-failed-login
  This issue is created when the number of session start failures exceeds the threshold of 0.8.

integration-errors
  This issue is created when the Sync Server detects an integration error between Soffid and an end system. You can check the task in Monitoring & Reporting.

locked-account
  This issue is created when an account has been locked for exceeding the maximum number of login attempts. You can configure the property "Lock after failures" in the Password policies settings. The issue is generated even if the lock is only temporary.

login-different-country
  This issue is created when Soffid detects a new login from a different country. It only works with the Identity Provider, and the geolocation database must be up to date.

login-from-new-device
  This issue is created when Soffid detects a new login from a new device. It only works with the Identity Provider.

login-not-recognized
  This issue is created when Soffid detects a login that is not recognized (disabled user or user does not exist) in the Soffid Console or in Soffid acting as an Identity Provider.

otp-failures
  This issue is created when an OTP is blocked for exceeding the number of attempts. Currently it is blocked after 10 unsuccessful attempts.

pam-violation
  This issue is created when any of the PAM rules are violated. You can define the PAM rules and the PAM policies. Bear in mind that you must check the "Open issue" option in the PAM policies you wish to control.

password-changed
  This issue is created when a password change is detected. These changes come from the end system (Active Directory or Soffid OpenLDAP) and Soffid has been notified. The issue is not created if it is an operator or a script that changes the password in Soffid.

permissions-granted
  This issue is created when it is detected that permissions have been given to a user on the end system. This may occur after the reconciliation process has been executed.

risk-increase
  This issue is created when it is detected that the risk level of a user has increased. You can configure the risks in the Segregation of Duties option.

robot-login
  This issue is created when it is detected that someone who has not passed the CAPTCHA is trying to log in to the Identity Provider.

security-exception
  This issue is created when unauthorized access to the console occurs via the WebService or the admin console.

Screen overview


Standard attributes

  • Issue type: by default, some issue types are defined in the Soffid Console.
  • Description: a brief description of the issue.
  • Action:
    • Ignore: the event will be ignored, and no additional actions will be run.
    • Record: the event will be recorded and an issue with the status Acknowledged will be created. The actions configured for the Acknowledged status will be run.
    • Manage: a new issue will be created in the New status, and the actions configured for this status will be run.
  • Assigned role: the role that will be the owner of the created issues.
  • Actions list: list of actions to be taken when this issue occurs. You can choose one or more actions from the list and configure them:
    • Issue status: determines the point at which the action will be launched.
      • New.
      • Acknowledged.
      • Solved.
      • Solved - Not a duplicate.
    • Actions:
      • Notify affected user: allows you to configure an email that will be sent to the affected users.
      • Send custom email: allows you to configure a custom email that will be sent to specific users.
      • Run script: allows you to type a script that will be executed.
      • Look affected accounts: allows you to configure an email that will be sent to the owner user.
      • Look affected host.
      • Notify issue owner by email.
      • Acknowledge.
      • Start new process: allows you to configure the workflow that will be run.
    • Description: a brief description of the action you are defining.

Note that it will be necessary to restart the Sync Server when changing the action of an issue.
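The following Python model shows how the Action setting (Ignore, Record, Manage) and the status-keyed actions list described above combine to decide which actions fire for a detected event. It is an added illustration, not Soffid's own code: the policy values, the role name SOC_ANALYST and the event details are constructed, and the behaviour it models is only what the page states (Ignore opens nothing, Record opens the issue already Acknowledged, Manage opens it as New, and each time an issue enters a status the actions configured for that status run).

```python
"""Model of how an issue policy dispatches its configured actions.

Added illustration, not Soffid code. Assumes the semantics described in the
Standard attributes section; the sample policy below is constructed.
"""
from dataclasses import dataclass, field

# The four issue statuses an action can be attached to.
STATUSES = ("New", "Acknowledged", "Solved", "Solved - Not a duplicate")
POLICY_ACTIONS = ("Ignore", "Record", "Manage")


@dataclass
class PolicyAction:
    status: str          # status at which this action is launched
    action: str          # e.g. "Notify issue owner by email", "Run script"
    description: str = ""


@dataclass
class IssuePolicy:
    issue_type: str
    action: str          # "Ignore", "Record" or "Manage"
    assigned_role: str   # role that owns issues created by this policy
    actions: list = field(default_factory=list)


@dataclass
class Issue:
    issue_type: str
    status: str
    owner_role: str
    details: dict
    executed: list = field(default_factory=list)  # audit trail of fired actions


def _fire_actions(issue: Issue, policy: IssuePolicy) -> None:
    """Run every configured action whose status matches the issue's current status."""
    for a in policy.actions:
        if a.status == issue.status:
            # A real system would send the mail / run the script here;
            # the model only records what fired and in which status.
            issue.executed.append((issue.status, a.action))


def open_issue(policy: IssuePolicy, details: dict):
    """Apply the policy to a detected event. Returns the Issue, or None if ignored."""
    if policy.action not in POLICY_ACTIONS:
        raise ValueError(f"unknown policy action {policy.action!r}")
    if policy.action == "Ignore":
        return None
    # Record skips the New status entirely; Manage starts the issue as New.
    status = "Acknowledged" if policy.action == "Record" else "New"
    issue = Issue(policy.issue_type, status, policy.assigned_role, dict(details))
    _fire_actions(issue, policy)
    return issue


def transition(issue: Issue, policy: IssuePolicy, new_status: str) -> Issue:
    """Move an issue to another status and run the actions configured for it."""
    if new_status not in STATUSES:
        raise ValueError(f"unknown issue status {new_status!r}")
    issue.status = new_status
    _fire_actions(issue, policy)
    return issue


# Constructed sample policy (hypothetical values, not from any real tenant).
LOCKED_ACCOUNT_POLICY = IssuePolicy(
    issue_type="locked-account",
    action="Manage",
    assigned_role="SOC_ANALYST",
    actions=[
        PolicyAction("New", "Notify affected user", "tell the user the account is locked"),
        PolicyAction("New", "Notify issue owner by email"),
        PolicyAction("Solved", "Send custom email", "close-out mail to the helpdesk"),
    ],
)

if __name__ == "__main__":
    issue = open_issue(LOCKED_ACCOUNT_POLICY, {"account": "jdoe", "system": "ad"})
    transition(issue, LOCKED_ACCOUNT_POLICY, "Solved")
    for status, action in issue.executed:
        print(f"{status:12} -> {action}")
```

Note that actions attached to the New status never run for a policy whose Action is Record, because the issue is born in the Acknowledged status; that is worth checking when an expected notification does not arrive.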

Actions

Table actions

"Query search" Allows you to query issue types through different search systems, Quick, Basic and Advanced.
Download CSV file Allows you to download a CSV file with the issue policies data.

Issue actions

Apply changes (disk button)
  Allows you to save an issue policy. To save the data, it is mandatory to fill in the required fields.

Download CSV file
  Allows you to download a CSV file with the issue policies data.

Expand all
  Displays all the attributes of the different blocks.

Collapse all
  Hides all the attributes of the different blocks.

"Types of views"
  Changes the view type: Classic view, Modern view, Compact design.

Add new
  Allows you to add a new action to the issue policy. You can choose the action from the action list. Depending on the selected action, you must fill in different information. Once the information has been filled in, you need to close the window and apply the changes.

Delete
  Allows you to delete one or more actions from the actions list.

Undo
  Allows you to quit without applying any changes.

Apply changes
  Allows you to update the changes made to the issue policy.