The following tables list the required authorizations, navigation path, and high-level steps to export and import policies, roles, and settings. Note that the order in which you export or import will differ depending on your governance needs and environment.
Section 30.6.1, Exporting and Importing Data Sources and Related Data
Section 30.6.2, Exporting and Importing Authorization Assignments and General Settings
Section 30.6.3, Exporting and Importing Fulfillment-Related Data
Section 30.6.4, Exporting and Importing Risk Policies and Schedules
Section 30.6.5, Exporting and Importing Technical and Business Roles and Related Data
Section 30.6.6, Exporting and Importing Separation of Duties Related Data
Section 30.6.7, Exporting and Importing Access Request Related Data
Section 30.6.8, Exporting and Importing Review Definitions Related Data
Section 30.6.9, Exporting and Importing Analytics-Related Data
Section 30.6.10, Exporting and Importing Categories and Settings
OpenText Identity Governance enables you to download and import entity attributes, data sources, and catalog entities from one environment to another. However, certain conditions and constraints might apply to import capabilities. When importing catalog entities, if there is a conflict between the imported custom attribute data type and the attribute data type in the target system, you will not be able to import the custom attribute. For example, if you edited a custom attribute data type in your staging environment, exported the attribute, then attempted to import it in your production environment, the import will fail. This is because the application does not support attribute data type change during import or after collection.
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
Attributes as SQLite database files |
Global, Customer, Business Roles, or Data Administrator NOTE:Business Roles Administrator can export and import only Business Role attributes. |
Data Administration > Attributes where attributes are:
|
Download Attributes Import Attributes |
Identity data sources as JSON files |
Global, Customer, or Data Administrator |
Data Sources > Identities Select an identity source, then select Test Collection and Troubleshooting > Download and Emulation |
Download Data Source Configuration Import an identity source |
Application data sources as JSON files |
Global, Customer, or Data Administrator |
Data Sources > Applications Select an application source, then select Test Collection and Troubleshooting > Download and Emulation |
Download Data Source Configuration Import an application source |
Identity bulk update definitions as SQLite database files |
Global, Customer, Bootstrap, or Data Administrator |
Data Sources > Identities > Bulk data update |
Export Bulk Data Update Import Bulk Data Update |
Application bulk update definitions as SQLite database files |
Global, Customer, Bootstrap, or Data Administrator |
Data Sources > Applications > Bulk data update |
Export Bulk Data Update Import Bulk Data Update |
Identities merge rules as a single JSON file |
Global, Customer, or Data Administrator |
Data Sources > Identities |
Export merging rules Import merging rules |
Application collector as a JSON file |
Global, Customer, or Data Administrator |
Data Sources > Application |
Expand the collector view, then click Export Import collector, before importing, you must create an application source and save it. |
Application definition as a JSON file |
Global, Customer, Bootstrap, or Data Administrator |
Data Sources > Application Definitions, select an application definition source, then select Test Collection and Troubleshooting > Download and Emulation |
Download Data Source Configuration Import an application definition source |
Data source templates as JSON files |
Global, Customer, or Data Administrator |
Configuration > Templates where templates are:
|
Actions > Download Actions > Add new template |
Data centers as a single JSON file |
Global or Customer Administrators |
Data Sources > Data Source Connection |
Actions > Export Data Centers Import Data Centers |
Data source connections as a single JSON file |
Global, Customer, Data, or Fulfillment Administrators |
Data Sources > Data Source Connections |
Export Data Source Connections Import Data Source Connections |
Data policies as JSON files |
Global, Customer, or Data Administrator |
Data Administration > Policies and Controls |
Actions > Export Data Policies Import Data Policies |
Data policy schedules as SQLite database files |
Global, Customer, or Data Administrator |
Data Administration > Policies and Controls > Schedule |
Export Schedule Import Schedule |
Archive destinations as SQLite database files |
Global, Customer, SaaS Ops, Bootstrap, or Maintenance Administrator |
Data Administration > Maintenance |
Export Archive Destination Import Archive Destination |
Collection schedules as a SQLite database file |
Global, Customer, or Bootstrap Administrator |
Data Sources > Schedules |
Export Schedules Import Schedules |
Catalog entities as a CSV file |
Global, Customer, Access Request, Data, Auditor, Security Officer, Review, Technical Role, or Separation of Duties Administrator |
Catalog > Entities where entities are:
|
Download all as CSV |
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
Global authorizations as SQLite database files |
Global, Customer, Bootstrap Administrator, or Security Officer |
Configuration > Authorization Assignments |
Export Assignments Import Assignments |
General settings as SQLite database files |
Global, Customer, or Bootstrap Administrator |
Configuration > General Settings |
Export General Settings Import General Settings |
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
Fulfillment context attributes as SQLite database files |
Global, Customer, Bootstrap, or Fulfillment Administrator |
Configuration > Fulfillment Context Attributes |
Export Context Attributes Import Context Attributes |
Fulfillment target as single JSON files |
Global, Customer, or Fulfillment Administrator |
Fulfillment > Configuration |
Select a fulfillment target, then select Download Fulfillment Target |
Fulfillment target configurations as SQLite database files |
Global, Customer, Bootstrap, or Fulfillment Administrator |
Fulfillment > Configuration |
Export Fulfillment Configuration Import Fulfillment Targets |
Application fulfillment target configurations as SQLite database files |
Global, Customer, Bootstrap, or Fulfillment Administrator |
Fulfillment > Configuration |
Export Fulfillment Configuration Import Application Setup |
Fulfillment target templates as JSON files |
Global, Customer, or Data Administrator |
Configuration > Fulfillment Target Templates |
Actions > Download Actions > Add new template |
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
Risk policies and schedules as SQLite database files |
Global, Customer, Bootstrap, or Data Administrator NOTE:Bootstrap Administrator can export only risk policies. |
Policy > Risk |
Export Risk Policies Import Risk Policies |
When you import technical roles, OpenText Identity Governance detects whether you are importing new or updated roles and whether the updates would create any conflicts or have unresolved references. Unresolved technical roles where a match for the referenced object is not available in the system, are marked by an indicator. Importing before the roles are resolved will result in incomplete roles with some missing permissions. If an indicator appears next to a role in the import view, inspect these roles and ensure that they map properly in the target system.
NOTE:After importing technical or business roles, you must activate or publish them before they take effect in the system. Also, OpenText Identity Governance must recognize the users that hold the permissions as members of a technical role. For more information, see Section 15.8, Activating Technical Roles.
When you import technical roles as a JSON or ZIP file that is exported from a previous version of OpenText Identity Governance, OpenText Identity Governance will utilize the enhanced import process to import the file.
When you import a business role, if that role references a technical role that is deactivated, then the applicationdisplays a warning. You can choose to activate the technical role and import, or continue with the import without activating the role. If you select the latter, the application ignores the reference to the inactive role but allows you to activate the role later and include it in the policy.
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
Technical role definitions as SQLite database files |
Global, Customer, Bootstrap, or Technical Role Administrator NOTE:A Bootstrap administrator can export only technical role definitions. |
Catalog > Roles |
Actions > Download Definitions Import Technical Roles |
Lists of Technical roles as CSV files |
Global, Customer, Bootstrap, or Technical Role Administrator NOTE:A Bootstrap administrator can export only technical role definitions. |
Catalog > Roles |
Actions > Download all as CSV |
Business role definitions as a JSON file |
Global, Customer, or Business Roles Administrator |
Policy > Business Roles |
Actions > Download Definitions Import Business Roles |
List of Business roles as a CSV file |
Global, Customer, or Business Roles Administrator |
Policy > Business Roles |
Actions > Download all as CSV |
Business role approval policies as a single JSON file |
Global, Customer, or Business Roles Administrator |
Policy > Business Roles > Approval Policies |
Download Definitions Import Approval Policies |
Business role auto request settings as SQLite database files |
Global, Customer, or Business Roles Administrator |
Policy > Business Roles > Auto Requests |
Export Auto Request Settings Import Auto Request Settings |
List of Business role inconsistencies as SQLite database files |
Global, Customer, or Business Roles Administrator |
Policy > Business Roles > Manage Inconsistencies |
Export Inconsistency Settings Import Inconsistency Settings |
Auto Inconsistency Resolution policies as SQLite database files |
Global, or Customer Administrator |
Policy > Inconsistency Resolution > Auto Resolution Policies |
Import Auto Resolution Policies Actions > Download |
List of Auto Inconsistency Resolution policy related business role inconsistencies as a CSV file |
Global, or Customer Administrator |
Policy > Inconsistency Resolution > Auto Resolutions, then click on inconsistencies count |
Download |
Analytics and role mining settings as an SQLite database file for:
|
Global, Customer, Bootstrap, Business Roles, Technical Role, or Data Administrator NOTE:A Technical Role Administrator can export and import decision support and role mining settings. |
Configuration > Analytics and Role Mining Settings |
Export Analytics Settings Import Analytics Settings |
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
During an export, if a default approval policy is assigned, the application exports the policy as part of the JSON file. When importing, if the import file includes a default approval policy, the application offers the option to change or modify the existing policy or set a default policy if no policy currently exists.
When you import SoD policies, if that policy references a technical role that is deactivated, the application displays a warning. You can choose to activate the technical role and import, or continue with the import without activating the role. If you select the latter, ignores the reference to the inactive role but allows you to activate the role later and include it in the policy.
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
SoD policies as JSON files |
Global, Customer, or Separation of Duties Administrator |
Policy > SoD |
Actions > Download Definition Import Separation of Duty Policies |
SoD approval policies as JSON files |
Global, Customer, or Separation of Duties Administrator |
Policy > SoD > SoD Approval Policies |
Actions > Download Definition Import SoD Approval Policies |
SoD violation options as SQLite database files |
Global, Customer, Bootstrap, or Separation of Duties Administrator |
Policy > SoD > Violation Options |
Export Violation Options Import Violation Options |
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
When you download forms, the JSON file contains both request and approval form data because the request and approval forms need corresponding controls to facilitate data flow. When you import forms, you can preview the forms and compare the previous form with the imported form and revert if required. To use the imported form, you must publish it. Note that, for default forms, you must select an application or permission to preview the imported forms.
When you import new access request policies, if that policy references a technical role that is deactivated, the application displays a warning. You can choose to activate the technical role and import, or continue with the import without activating the role. If you select the latter, the application ignores the reference to the inactive role but allows you to activate the role later and include it in the policy.
NOTE:When you download approval policies for access requests, the associated assignments for the policy are also included in the download file.
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
Default forms as a single JSON file |
Global, Customer, or Access Request Administrator |
Policy > Access Request Policy
|
Download Forms Import Custom Forms |
Custom forms as a single JSON file for applications and permissions |
Global, Customer, Access Request Administrator, or Application Owner |
Catalog > Applications > Application Name > Custom Forms Or Catalog > Permissions > Permission Name > Custom Forms |
Actions > Download Forms Import Custom Forms |
|
Global, Customer, or Access Request Administrator |
Policy > Access Request Policy > Approval Policies Edit the policy, then select:
|
Import Assignments |
Workflows or forms |
Global, Customer, or Workflow Administrator |
Workflow Administration Console > Catalog
|
Export and import workflows Export and import forms |
Coverage maps as a JSON file |
Global, Customer, Bootstrap, Access Request, or Review Administrator |
Policy > Coverage Maps |
Actions > Export Coverage Maps Import Coverage Maps |
Delegate mappings as a SQLite database file |
Global, Customer, or Data Administrator |
Policy > Delegation |
Download mappings or Actions > Download mappings Import Delegate Mappings |
Access requests as a single JSON file |
Global, Customer, or Access Request Administrator |
Policy > Access Request Policies |
Import Access Request Policies |
Access request approval policies as a single JSON file |
Global, Customer, or Access Request Administrator |
Policy > Access Request Policies > Approval Policies |
Actions > Download Definitions Import Access Request Approval Policies |
List of access request approval policies as a CSV file |
Global, Customer, or Access Request Administrator |
Policy > Access Request Policies > Approval Policies |
Actions > Download all as CSV |
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
Remediation settings such as email recipients and review definitions can be resolved when a certification policy is imported or it can be resolved manually after import. So, to avoid unmapped errors when you are importing, extract the files, import the review definitions, then import the certification policy.
Importing review definitions may also result in unresolved references when matching criteria is not collected. To avoid these errors, ensure that the global import and export settings com.netiq.iac.importExport fie is configured. Contact your SaaS Operations Administrator to ensure that the settings are configured correctly.
NOTE:OpenText Identity Governance uses an existing coverage map, and automatically resolves coverage map references. If a coverage map does not exist, it creates one.
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
Review definitions as JSON files |
Global, Customer, Auditor, or Review Administrator NOTE:Auditors can only download review definitions. |
Reviews > Definitions |
Download Definitions Import Review Definitions |
Reviewers and review item lists as CSV files |
Global, Customer, Auditor, or Review Administrator |
Reviews > Reviews > review name |
Download reviewers Download all review items as CSV |
Review Configuration as SQLite database files |
Global, Customer, Data, or Review Administrator NOTE:Data Administrator can export and import only account controls. |
Reviews > Review > Settings |
Export Review Configuration Import Review Configuration |
Delegate mappings as a SQLite database file |
Global, Customer, or Data Administrator |
Policy > Delegation |
Download mappings or Actions > Download mappings Import Delegate Mappings |
Coverage maps as a JSON file |
Global, Customer, Bootstrap, Access Request, or Review Administrator |
Policy > Coverage Maps |
Actions > Export Coverage Maps Import Coverage Maps |
Certification policies as a JSON file |
Global, Customer, Data, or Review Administrator |
Policy > Certification |
Action > Export Policies Import Certification Policies |
Certification schedules as SQLite database files |
Global, Customer, Data, or Review Administrator |
Policy > Certification > Schedule |
Export Schedule Import Schedule |
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification emails |
Download XML Import XML |
OpenText Identity Governance provides ability to define queries and metrics to analyze your governance system.
To improve download speed of insight queries CSV file, the default value of com.netiq.iac.ui.insightQuery.download.results.pageSize configuration property is set to 1000. Contact your SaaS Operations Administrator to ensure that the settings are configured correctly.
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
Metric results as a CSV file |
Global, Customer, or Data Administrator |
Configuration > Analytics and Role Mining Settings |
Actions > Download Metrics |
Custom metric definition as a JSON file |
Global, Customer, or Data Administrator |
Configuration > Analytics and Role Mining Settings |
Actions > Download Definition Import Custom Metrics |
Metrics data store configurations as SQLite database files |
Global, Customer, Bootstrap, or Data Administrator |
Configuration > Analytics and Role Mining Settings > Metrics Data Stores |
Export Metrics Data Stores Import Metrics Data Stores |
Insight queries as SQLite database files |
Global, Customer, Auditor, Data, or Governance Insights Administrator |
Catalog > Governance Insights |
Download Queries Import Insight Queries |
Insight query results as a CSV file |
Global, Customer, Auditor, Data, or Governance Insights Administrator |
Catalog > Governance Insights then select the query |
Download results of insight query as a CSV file |
Custom governance widget data as a PDF or a CSV file |
Global, Customer, or Data Administrator |
Overview > Governance Widgets |
Download chart as PDF file Download data as CSV file |
You can directly import categories or use the entity import feature to import entities with category reference.
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
---|---|---|---|
Categories as SQLite database files |
Global, Customer, or Bootstrap Administrator NOTE:Bootstrap Administrator can export only categories. |
Configuration > Categories |
Export Categories Import Categories |
Download settings as SQLite database files |
Global, Customer, Bootstrap, or Data Administrator |
Configuration > Download Settings |
Export Download Settings Import Download Settings |