Mitigated User for Organization Rules

Prerequisites

You must first define a mitigating control before you can assign it to an organization to mitigate an access risk.

Assigning a Mitigating Control to an Organization Rule

1. Choose Access Management  Mitigated Access  Mitigated User Organization Rule.

   The Mitigated User Organization Rule screen appears showing a list of existing organizations to which mitigating controls have been assigned.

2. Choose Assign.

   The User Org Mitigation screen appears.

3. Enter information in the required fields. The required fields are marked with an asterisk (*).

   • Org. Rule ID – Select the field to enter the organization rule ID.

   • Access Risk ID – Select the field to enter the access risk ID.

   • Control ID – Enter the control ID.

   • Monitor – Automatically populated with system data after you choose the control ID.

   • Valid From – Start of the mitigating control period.

   • Valid To – End of the mitigating control period.

   • Status – Choose Active or Inactive from the dropdown list.

4. Choose Add to associate a system to the mitigating control.

5. Choose Add to associate a user to the mitigating control.

6. Choose Submit  Close.

   The mitigating control you assigned is included in the list on the Mitigated Users screen.

Deleting a Mitigated User Organization Rule

1. Choose Access Management  Mitigated Access  Mitigated User Organization Rule.

   The Mitigated User Organization Rule screen appears showing a list of existing organizations to which mitigating controls have been assigned.

2. Select the user you want to delete and choose Delete.

   Confirm your decision to delete this mitigating control.

3. Choose Yes.

   The mitigating control you deleted is removed from the Mitigated User Organization Rule screen.