14.6.2 Creating Scan Definitions

To create scan definitions:

  1. In Identity Self Service, click the Compliance tab.

  2. Click the Identity Audit box, and select Scan Definitions. The Scan Definitions page is displayed.

  3. From the Actions menu, select Create. Alternatively, click Create on the toolbar. The Attributes page of the Create Scan Definitions wizard is displayed.

  4. In the General Policy Information section, enter the scan definition name in the Name box. This is a mandatory field.

  5. In the Description box, enter a description for the scan definition.

  6. In the Owner box, specify the user name of the owner of the scan definition. You can click the Search icon, and search and select a user as the owner. This is a mandatory field.

  7. Click Next. The Select Policy page of the Create Scan Definitions wizard is displayed.

  8. From the Policy Selection Strategy list, select any one of the following options:

    • All Policies: Select this option to associate all the IDA policies with the scan definition.

    • Selected Policies: Select this option to associate the policies that you select with the scan definition. To do so, click Add Policies, and search and select a policy.

    • Policy Criteria: Select this option to specify criteria parameters based on which the policies will be dynamically associated with the scan definition. To do so:

      1. Select any one of the following options:

        All: To specify that all parameters must match.

        Any: To specify that any one parameter must match.

      2. Enter values in the Policy Name and Description fields.

      3. Optionally, you can click Advanced to include more attributes in the criteria.

      4. Click Update and Preview Results. The selected criteria are added to the Criteria String section.

  9. Click Next. The Base Selection page of the Create Scan Definitions wizard is displayed.

  10. In the Base Selection section, specify the set of users that you want to scan by using this scan definition by selecting any of the following options:

    • All Organizations: To specify that all organizations will be scanned.

    • Selected Organizations: To specify one or more organizations that will be scanned. After selecting this option, click Add Organizations, search and select one or more organizations, and then click Select.

    • All Users: To specify that all users will be scanned.

    • User Criteria: To specify criteria parameters so that users that match the criteria will be scanned. To specify the user criteria:

      1. Under the Criteria Parameters section, select any one of the following:

        All: To specify that all the parameters must match.

        Any: To specify that any one parameter must match.

      2. Enter values in the Manager and Organizations fields.

      3. Optionally, you can click Advanced to include more attributes in the criteria.

      4. Click Update and Preview Results. The selected criteria are added to the Criteria String section.

    • Selected Users: To specify one or more users that will be scanned. After selecting this option, click Add Users, search and select one or more users, and then click Select.

  11. Click Next. The Configuration page of the Create Scan Definitions wizard is displayed.

  12. (Optional) Select the Prevent Self Remediation option if you want to prevent the owner of the scan definition from taking remediation action. You must then specify a different user as the remediator by selecting any one of the following options from the Alternate remediator ID list:

    • User Manager: To specify the manager of the user for whom the policy violation has been detected as the remediator.

    • Selected User: To specify a user that you select as the remediator. To do so, click the Search icon, and search and select a user.

  13. If you do not want to prevent self remediation, then accept the default settings, and click Next. The Summary page of the Create Scan Definitions wizard is displayed.

  14. Review the attributes, policies, base selection, and configuration that you specified, and then click Finish. The scan definition is created.