The following tables list the required authorizations, navigation path, and high-level steps to export and import policies, roles, and settings. Note that the order in which you export or import will differ depending on your governance needs and environment.
Section 32.6.1, Exporting and Importing Data Sources and Related Data
Section 32.6.2, Exporting and Importing Authorization Assignments and General Settings
Section 32.6.3, Exporting and Importing Fulfillment-Related Data
Section 32.6.4, Exporting and Importing Risk Policies and Schedules
Section 32.6.5, Exporting and Importing Technical and Business Roles and Related Data
Section 32.6.6, Exporting and Importing Separation of Duties Related Data
Section 32.6.7, Exporting and Importing Access Request Related Data
Section 32.6.8, Exporting and Importing Review Definitions Related Data
Section 32.6.9, Exporting and Importing Analytics-Related Data
Section 32.6.10, Exporting and Importing Categories and Settings
Identity Governance enables you to download and import entity attributes, data sources, and catalog entities from one environment to another. However, certain conditions and constraints might apply to import capabilities. When importing catalog entities, if there is a conflict between the imported custom attribute data type and the attribute data type in the target system, you will not be able to import the custom attribute. For example, if you edited a custom attribute data type in your staging environment, exported the attribute, then attempted to import it in your production environment, the import will fail. This is because Identity Governance does not support attribute data type change during import or after collection.
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
Attributes as a JSON file |
Global, Customer, Business Role, Technical Role, or Data Administrator NOTE:Business Role Administrator can export and import only Business Role attributes. |
Data Administration > Attributes where attributes are:
|
Download Attributes Import Attributes |
|
Identity data sources as JSON files |
Global, Customer, or Data Administrator |
Data Sources > Identities Select an identity source, then select Test Collection and Troubleshooting > Download and Emulation |
Download Data Source Configuration Import an identity source |
|
Application data sources as JSON files |
Global, Customer, or Data Administrator |
Data Sources > Applications Select an application source, then select Test Collection and Troubleshooting > Download and Emulation |
Download Data Source Configuration Import an application source |
|
Identities merge rules as a single JSON file |
Global, Customer, or Data Administrator |
Data Sources > Identities |
Export merging rules Import merging rules |
|
Application collector as a JSON file |
Global, Customer, or Data Administrator |
Data Sources > Application |
Expand the collector view, then click Export Import collector, but before importing, you must create an application source and save it. |
|
Application definition as a JSON file |
Global, Customer, Bootstrap, or Data Administrator |
Data Sources > Application Definitions, select an application definition source, then select Test Collection and Troubleshooting > Download and Emulation |
Download Data Source Configuration Import an application definition source |
|
Data source templates as JSON files |
Global, Customer, or Data Administrator |
Configuration > Templates where templates are:
|
Actions > Download Actions > Add new template |
|
Data centers as a single JSON file |
Global or Customer Administrators |
Data Sources > Data Source Connection |
Actions > Export Data Source Connections |
|
Data source connections as a single JSON file |
Global, Customer, Data, or Fulfillment Administrators |
Data Sources > Data Source Connections |
Actions > Export Data Source Connections Import Data Source Connections |
|
Data policies as JSON files |
Global, Customer, or Data Administrator |
Data Administration > Policies and Controls |
Actions > Export Data Policies Import Data Policies |
|
Data policy schedules as SQLite database files |
Global, Customer, or Data Administrator |
Data Administration > Policies and Controls > Schedule |
Export Schedule Import Schedule |
|
Collection schedules as a SQLite database file |
Global, Customer, or Bootstrap Administrator |
Data Sources > Schedules |
Export Schedules Import Schedules |
|
Catalog entities as a CSV file |
Global, Customer, Access Request, Data, Business Role, Auditor, Security Officer, Review, Technical Role, or Separation of Duties Administrator |
Catalog > Entities where entities are:
|
Download all as CSV |
|
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
Global authorizations as SQLite database files |
Global, Customer, Bootstrap Administrator, or Security Officer |
Configuration > Authorization Assignments |
Export Assignments Import Assignments |
|
General settings as SQLite database files |
Global, Customer, or Bootstrap Administrator |
Configuration > General Settings |
Export General Settings Import General Settings |
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
Fulfillment context attributes as SQLite database files |
Global, Customer, Bootstrap, or Fulfillment Administrator |
Configuration > Fulfillment Context Attributes |
Export Context Attributes Import Context Attributes |
|
Fulfillment target as a single JSON file |
Global, Customer, or Fulfillment Administrator |
Fulfillment > Configuration |
Select a fulfillment target, then select Download Fulfillment Target Import a fulfillment target |
|
Fulfillment target templates as JSON files |
Global, Customer, or Data Administrator |
Configuration > Fulfillment Target Templates |
Actions > Download Actions > Add new template |
|
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
Risk policies and schedules as SQLite database files |
Global, Customer, Bootstrap, or Data Administrator NOTE:Bootstrap Administrator can export only risk policies. |
Policy > Risk |
Export Risk Policies Import Risk Policies |
When you import technical roles, Identity Governance detects whether you are importing new or updated roles and whether the updates would create any conflicts or have unresolved references. For unresolved technical roles, where a match for the referenced object is not available in the system, Identity Governance adds an indicator. Importing before the roles are resolved will result in incomplete roles with some missing permissions. If an indicator appears next to a role in the import view, inspect these roles and ensure that they map properly in the target system.
NOTE:After importing technical or business roles, you must activate or publish them before they take effect in the system. Also, Identity Governance must recognize the users that hold the permissions as members of a technical role. For more information, see Section 17.8, Activating Technical Roles.
When you import technical roles as a JSON or ZIP file that is exported from a previous version of Identity Governance, Identity Governance will utilize the enhanced import process to import the file.
When you import a business role, if that role references a technical role that is deactivated, then Identity Governance displays a warning. You can choose to activate the technical role and import, or continue with the import without activating the role. If you select the latter, Identity Governance ignores the reference to the inactive role but allows you to activate the role later and include it in the policy.
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
Technical role definitions as SQLite database files |
Global, Customer, Bootstrap, or Technical Role Administrator NOTE:A Bootstrap administrator can export only technical role definitions. |
Catalog > Roles |
Actions > Download Definitions Import Technical Roles |
|
Lists of Technical roles as CSV files |
Global, Customer, Bootstrap, or Technical Role Administrator NOTE:A Bootstrap administrator can export only technical role definitions. |
Catalog > Roles |
Actions > Download all as CSV |
|
Business role definitions as a JSON file |
Global, Customer, or Business Role Administrator |
Policy > Business Roles |
Actions > Download Definitions Import Business Roles |
|
List of Business roles as a CSV file |
Global, Customer, or Business Role Administrator |
Policy > Business Roles |
Actions > Download all as CSV |
|
Business role approval policies as a single JSON file |
Global, Customer, or Business Role Administrator |
Policy > Business Roles > Approval Policies |
Download Definitions Import Approval Policies |
|
List of Business role inconsistencies as a CSV file |
Global, Customer, or Business Role Administrator |
Policy > Business Roles > Manage Inconsistencies, then click on number of inconsistencies |
Actions > Download |
|
Auto Inconsistency Resolution policies as SQLite database files |
Global, or Customer |
Policy > Inconsistency Resolution > Auto Resolution Policies |
Import Auto Resolution Policies Actions > Download |
|
List of Auto Inconsistency Resolution policy related business role inconsistencies as a CSV file |
Global, or Customer |
Policy > Inconsistency Resolution > Auto Resolutions, then click on inconsistencies count |
Download |
|
Analytics and role mining settings as an SQLite database file for:
|
Global, Customer, Bootstrap, Business Role, Technical Role, or Data Administrator NOTE:A Technical Role Administrator can export and import decision support and role mining settings. |
Configuration > Analytics and Role Mining Settings |
Export Analytics Settings Import Analytics Settings |
|
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
When you import SoD policies, if that policy references a technical role that is deactivated, Identity Governance displays a warning. You can choose to activate the technical role and import, or continue with the import without activating the role. If you select the latter, Identity Governance ignores the reference to the inactive role but allows you to activate the role later and include it in the policy.
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
SoD policies as JSON files |
Global, Customer, or Separation of Duties Administrator |
Policy > SoD |
Actions > Download Definition Import Separation of Duty Policies |
|
SoD approval policies as JSON files |
Global, Customer, or Separation of Duties Administrator |
Policy > SoD Approval Policies |
Actions > Download Definition Import SoD Approval Policies |
|
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
When you download forms, the JSON file contains both request and approval form data because the request and approval forms need corresponding controls to facilitate data flow. When you import forms, you can preview the forms and compare the previous form with the imported form and revert if required. To use the imported form, you must publish it. Note that, for default forms, you must select an application or permission to preview the imported forms.
When you import new access request policies, if that policy references a technical role that is deactivated, Identity Governance displays a warning. You can choose to activate the technical role and import, or continue with the import without activating the role. If you select the latter, Identity Governance ignores the reference to the inactive role but allows you to activate the role later and include it in the policy.
NOTE:When you download approval policies for access requests, the associated assignments for the policy are also included in the download file.
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
Default forms as a single JSON file |
Global, Customer, or Access Request Administrator |
Policy > Access Request Policy
|
Download Forms Import Custom Forms |
|
Custom forms as a single JSON file for applications and permissions |
Global, Customer, Access Request Administrator, or Application Owner |
Catalog > Applications > Application Name > Custom Forms Or Catalog > Permissions > Permission Name > Custom Forms |
Actions > Download Forms Import Custom Forms |
|
Assignments |
Global, Customer, or Access Request Administrator |
Policy > Access Request Policy > Approval Policies Edit the policy, then select:
|
Import Assignments |
|
Workflows or forms |
Global, Customer, or Workflow Administrator |
Workflow Administration Console > Catalog
|
Export and import workflows Export and import forms |
|
Coverage maps as a JSON file |
Global, Customer, Bootstrap, Access Request, or Review Administrator |
Policy > Coverage Maps |
Actions > Export Coverage Maps Import Coverage Maps |
|
Delegate mappings as a SQLite database file |
Global, Customer, or Data Administrator |
Policy > Delegation |
Download mappings or Actions > Download mappings Import Delegate Mappings |
|
Access requests as a single JSON file |
Global, Customer, or Access Request Administrator |
Policy > Access Request Policies |
Import Access Request Policies |
|
Access request approval policies as a single JSON file |
Global, Customer, or Access Request Administrator |
Policy > Access Request Policies > Approval Policies |
Actions > Download Definitions Import Access Request Approval Policies |
|
List of access request approval policies as a CSV file |
Global, Customer, or Access Request Administrator |
Policy > Access Request Policies > Approval Policies |
Actions > Download all as CSV |
|
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification Emails |
Download XML Import XML |
Remediation settings such as email recipients and review definitions can be resolved when a certification policy is imported or it can be resolved manually after import. So, to avoid umapped errors when you are importing, extract the files, import the review definitions, then import the certification policy.
Importing review definitions may also result in unresolved references when matching criteria is not collected. To avoid these errors, ensure that the global import and export settings com.netiq.iac.importExport fie is configured. Contact your SaaS Operations Administrator to ensure that the settings are configured correctly.
NOTE:Identity Governance uses an existing coverage map, and automatically resolves coverage map references. If a coverage map does not exist, Identity Governance creates one.
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
Review definitions as JSON files |
Global, Customer, or Review Administrator |
Reviews > Definitions |
Download Definitions Import Review Definitions |
|
Reviewers and review item lists as CSV files |
Global, Customer, or Review Administrator |
Reviews > Reviews > review name |
Download reviewers |
|
Delegate mappings as a SQLite database file |
Global, Customer, or Data Administrator |
Policy > Delegation |
Download mappings or Actions > Download mappings Import Delegate Mappings |
|
Coverage maps as a JSON file |
Global, Customer, Bootstrap, Access Request, or Review Administrator |
Policy > Coverage Maps |
Actions > Export Coverage Maps Import Coverage Maps |
|
Certification policies as a JSON file |
Global, Customer, Data, or Review Administrator |
Policy > Certification |
Action > Export Policies Import Certification Policies |
|
Certification schedules as SQLite database files |
Global, Customer, Data, or Review Administrator |
Policy > Certification > Schedule |
Export Schedule Import Schedule |
|
Email notification templates as XML files |
Global, Customer, or Bootstrap Administrator |
Configuration > Notification emails |
Download XML Import XML |
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
Metric results as a CSV file |
Global, Customer, or Data Administrator |
Configuration > Analytics and Role Mining Settings |
Actions > Download Metrics |
|
Custom metric definition as a JSON file |
Global, Customer, or Data Administrator |
Configuration > Analytics and Role Mining Settings |
Actions > Download Definition Import Custom Metrics |
|
Insight queries as a single JSON file |
Global, Customer, Auditor, Data, or Governance Insights Administrator |
Catalog > Governance Insights |
Actions > Download Queries Import Insight Queries |
|
Insight query results as a CSV file |
Global, Customer, Auditor, Data, or Governance Insights Administrator |
Catalog > Governance Insights then select the query |
Download results of insight query as a CSV file |
|
Custom governance widget data as a PDF or a CSV file |
Global, Customer, or Data Administrator |
Overview > Governance Widgets |
Download chart as PDF file Download data as CSV file |
You can directly import categories or use the entity import feature to import entities with category reference.
|
To export and import |
Log in as |
Navigate to |
Click the link or select the action |
|---|---|---|---|
|
Categories as SQLite database files |
Global, Customer, or Bootstrap Administrator NOTE:Bootstrap Administrator can export only categories. |
Configuration > Categories |
Export Categories Import Categories |
|
Download settings as SQLite database files |
Global, Customer, Bootstrap, or Data Administrator |
Configuration > Download Settings |
Export Download Settings Import Download Settings |