Once you have configured your request and approval policies, you can download all the configured policies as a zip file containing multiple JSON files and the policy list as a CSV file to back up your policies or to import the exported definition files into an Identity Governance environment.
Identity Governance automatically detects whether you are importing new or updated policies and whether the updates would create any conflicts or have unresolved references and displays the results. Additionally, you can generate an import report to review entities that were created, updated, or have conflicts.
While importing new policies, if that policy references a technical role that is deactivated, then Identity Governance displays a warning. You can choose to activate the technical role and import, or continue with the import without activating. If you select the latter, Identity Governance ignores the reference to the inactive role but allows you to activate the role later and include it in the policy.
Note that if a technical role references access request or approval policy, then Identity Governance will not allow you to delete or deactivate the technical role unless the technical role is removed by the administrator, from the list of all policies that reference this technical role and prevents deactivation.
To download and import policies:
Log in as a Customer, Global, or Request Administrator.
Under Policy, select Access Request Policies.
Select the request policies or approval polices on the respective tab.
To download a list of policies with name, description, and state as a CSV file, select Actions > Download all as CSV on the request or approval policies tab.
To download one or more policy definitions:
Select one or more policies from the list, then click Actions > Download Definitions.
Type the policy name or a meaningful description.
(Optional) Download technical roles referenced in the policy and the applications associated with the referenced permissions.
Select Download.
Select the download icon on the top title bar to select and download the file.
(Optional) Delete the downloaded files from the download area in Identity Governance.
If you do not manually delete files, Identity Governance will automatically delete files based on your default download retention day settings. For information about customizing download settings, see Section 4.10, Customizing Download Settings.
To import request and approval policies, select the respective import link on the respective tab and navigate to the exported policy definition folder.
Select the zip or JSON file you want to import.
Review the displayed information and determine whether to import references, which entities to import, and whether to overwrite the conflicts. For example, under Updates, compare the imported values with current values for each entity by selecting the respective policy.
(Conditional) If you import more than the preconfigured threshold for the number of policies that can be displayed on the import page or if the import fix size exceeds the preconfigured threshold, Identity Governance will switch to bulk import mode. When in bulk mode, instead of selecting whether to create, update, or handle conflicts for specific policies, you can select to import all new policies and update all existing policies. For conflicts, you can choose to either overwrite existing policies or create new policies.
NOTE:The default value for policies that can be displayed is 200 or the value specified in com.netiq.iac.importExport.maxImportsToDisplay property.
(Optional) Generate a report of entities to analyze the import data. If you had previously imported assignment data, you will be able to review the assignment data report.
Select the entities you want to import, then click Import.