Scanario : 2 Roles (Role1 & Role2) are mutually exclusive and should trigger an alarm for SoD violation if requested.
1) Enable Identity Auditor Feature Set Availability System Property Flag to true
2) Restart the OIM Server
3) Create an Identity Audit Rule
4) Create an Identity Audit Policy
5) Create 2 Roles Role1 & Role2
6) Create Test User - DEEPAK
7) Create a request to self-request Role1 & Role2
8) SoD violation should trigger at the End User Level
9) Manager sees 1 request level approval with SoD violation
10) Manager sees 2 Operation Level (2 Roles) approval for the SoD Violation
11) Approve all the request & operational level requests.
12) User gets access to the roles.
Below are the screens for the above setup and demo
1) Enable Identity Auditor Feature Set Availability System Property Flag to true
3) Create an Identity Audit Rule
4) Create an Identity Audit Policy
7) Create a request to self-request Role1 & Role
8) SoD violation should trigger at the End User Level - Request Level
9) Manager sees 1 request level approval with SoD violation
10) Manager sees 2 Operation Level (2 Roles) approval for the SoD Violation
11) Approve all the request & operational level requests.
----------------------------------------------
----------------------------------------------
----------------------------------------------
----------------------------------------------
----------------------------------------------
12) User gets access to the roles.