{
    "componentChunkName": "component---src-templates-docs-js",
    "path": "/admin/7-access-cert/9-segregation-of-duties",
    "result": {"data":{"site":{"siteMetadata":{"title":"OpenIAM Documentation v2026.6.2 | OpenIAM","docsLocation":""}},"mdx":{"fields":{"id":"d54cb482-5441-5af0-a39a-9fbda5530cf6","title":"Segregation of Duties (SoD) policies","slug":"/admin/7-access-cert/9-segregation-of-duties"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Segregation of Duties (SoD) policies\",\n  \"metaTitle\": \"Segregation of Duties (SoD) policies\",\n  \"metaDescription\": \"An overview of the Segregation of Duties (SoD) policies feature\"\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Segregation of Duties (SoD)\"), \" is a \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"security and compliance control\"), \" that prevents any single user from holding a combination of access rights that could enable fraud, error, or abuse of privilege. In OpenIAM, SoD policies define which entitlements (roles, groups, resources, or organizations) are considered conflicting, detect users who violate those policies, and provide tooling to remediate or formally exempt violations.\"), mdx(\"p\", null, \"The SoD feature is typically used for:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Preventing a user from holding \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"both\"), \" \\\"Create Payment\\\" and \\\"Approve Payment\\\" roles \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"simultaneously\"), \".\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Flagging users who belong to \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"conflicting business units\"), \".\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Ensuring compliance with \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"SOX\"), \", \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"SOC 2\"), \", \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"ISO 27001\"), \", or \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"internal audit\"), \" requirements.\")), mdx(\"hr\", null), mdx(\"h2\", null, \"Core concepts\"), mdx(\"h3\", null, \"Policy\"), mdx(\"p\", null, \"A \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"SoD policy\"), \" is the top-level object defining a conflict. Key attributes are as follows.\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Field\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Type\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"name\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"String\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Human-readable policy name\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"description\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"String (max 1024 chars)\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Explanation of the conflict\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"active\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Boolean\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Whether the policy is enforced\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"severity\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SOFT\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"HARD\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Impact level of a violation (see \\xA75)\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"policyThreshold\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Integer\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Minimum number of violated segments before a policy-level violation is triggered\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"exceptionsAllowed\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Boolean\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Whether exemptions may be granted for this policy\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"managerCanHandleSpv\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Boolean\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Whether the user's manager may handle violations\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"managerGroupId\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"String\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"ID of the group responsible for managing violations\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"riskId\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"riskName\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"String\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Risk classification category\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"segments\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \" Set\\\\<SodPolicySegment\\\\>\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"One or more conflict segments (see \", mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"policy segments\"), \" below)\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"mitigatingControls\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"Set\\\\<SodMitigatingControl\\\\>\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Controls that mitigate the policy risk (see \", mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"mitigating controls\"), \" below)\")))), mdx(\"h3\", null, \"Policy segments\"), mdx(\"p\", null, \"A \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"segment\"), \" defines the specific set of conflicting entitlements within a policy. A policy can have multiple segments; the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"policyThreshold\"), \" controls how many segments must be violated before the policy is considered violated overall.\"), mdx(\"p\", null, \"Each segment contains:\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Field\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"name\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"description\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Segment identification\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"active\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Whether this segment is actively evaluated\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"threshold\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Minimum conflicting entitlements within the segment to trigger violation\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"managerGroupId\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Segment-level manager group (overrides policy-level if set)\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"roles\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Roles that are in conflict within this segment\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"groups\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Groups that are in conflict within this segment\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"resources\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Resources that are in conflict within this segment\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"organizations\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Organizations that are in conflict within this segment\")))), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Example:\"), \" A segment named \\\"Payment Controls\\\" might contain both the \\\"Payment Creator\\\" role and the \\\"Payment Approver\\\" role. Any user holding both would trigger a violation of this segment.\"), mdx(\"h3\", null, \"Mitigating controls\"), mdx(\"p\", null, \"A \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"mitigating control\"), \" is a compensating measure that reduces the risk of an SoD violation without removing the conflicting access. Mitigating controls are documented in the system for audit purposes and linked to policies.\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Field\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"name\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"description\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Control identification\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"active\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Whether the control is active\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ownerType\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ownerId\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"User or group that owns the control\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"managerType\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"managerId\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"User or group that manages the control\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"reviewFrequency\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"MONTHLY\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"QUARTERLY\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SEMI_ANNUALLY\"), \", or \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ANNUALLY\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"effectiveDate\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"expirationDate\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Validity period of the control\")))), mdx(\"p\", null, \"More on mitigating controls can be found in \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"10-mitigation-controls\"\n  }, \"this document\"), \".\"), mdx(\"hr\", null), mdx(\"h2\", null, \"Configuration\"), mdx(\"h3\", null, \"Creating a policy\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"REST endpoint:\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"POST /rest/api/sod-policy/save\")), mdx(\"p\", null, \"A new policy is created with a name, description, severity, and at least one segment. The request body (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"SodPolicyBean\"), \") supports:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Setting the policy active or inactive.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Linking mitigating controls by ID.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Defining one or more segments, each with sets of conflicting role/group/resource/organization IDs.\")), mdx(\"p\", null, \"On successful save, the system:\"), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Persists the policy and its segments to the database (\", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SOD_POLICY\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SOD_POLICY_SEGMENT\"), \" and related junction tables).\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Refreshes the Redis policy cache.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Triggers a background job to re-evaluate all users against the updated policy.\")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Audit actions generated\"), \" are \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"CREATE_SOD_POLICY\"), \" or \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"UPDATE_SOD_POLICY\")), mdx(\"h3\", null, \"Searching policies\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"REST endpoint:\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"GET /rest/api/sod-policy/search\")), mdx(\"p\", null, \"Supported filters:\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Parameter\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"name\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Substring match on policy name\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"resourceIds\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Policies referencing these resources\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"groupIds\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Policies referencing these groups\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"roleIds\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Policies referencing these roles\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"organizationIds\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Policies referencing these organizations\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"from\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"size\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Pagination\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"sortBy\"), \" / \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"orderBy\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Column and direction for sorting\")))), mdx(\"h3\", null, \"Deleting a policy\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"REST endpoint:\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"DELETE /rest/api/sod-policy/{id}\")), mdx(\"p\", null, \"Removes the policy and its segments. Existing exemptions and historical violation records are retained for audit purposes.\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Audit action generated\"), \" is \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"DELETE_SOD_POLICY\"), \".\"), mdx(\"hr\", null), mdx(\"h2\", null, \"Violation detection\"), mdx(\"h3\", null, \"How violations are detected\"), mdx(\"p\", null, \"Violation detection evaluates each user's full entitlement set against all active SoD policies and segments. There are two types of violations:\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Type\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Direct\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"The user holds the conflicting entitlement explicitly and directly\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Indirect\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"right\"\n  }, \"The user has effective access to a conflicting entitlement via inheritance (e.g., through a parent group or role hierarchy)\")))), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Detection algorithm (per user, per policy):\")), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Retrieve the user's complete entitlement set from the AuthorizationManager.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"For each \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"active\"), \" segment in the policy:\\na. Apply any existing exemptions \\u2014 exclude exempted entitlements from evaluation.\\nb. Compare the user's entitlements against the segment's conflicting sets (roles, groups, resources, organizations).\\nc. Classify each match as direct or indirect.\\nd. If the number of matched entitlements meets or exceeds the segment \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"threshold\"), \", record a segment violation.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"If the number of violated segments meets or exceeds the policy \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"policyThreshold\"), \", record a policy violation.\")), mdx(\"p\", null, \"Violation data is stored in ElasticSearch for fast querying.\"), mdx(\"h3\", null, \"Triggering detection\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"REST endpoint:\"), \" \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"POST /rest/api/sod-policy-violation/impacted-users/detect\")), mdx(\"p\", null, \"This triggers a system-wide re-evaluation of all users against all policies. Detection is also triggered automatically when:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"A policy is saved or updated.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"A user's entitlements change via provisioning.\")), mdx(\"h3\", null, \"Querying violations\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Endpoint\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Description\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GET /rest/api/sod-policy-violation/impacted-users/search\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"List all users with at least one policy violation\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GET /rest/api/sod-policy-violation/{userId}\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Summary of all violated policies for a specific user\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GET /rest/api/sod-policy-violation/{userId}/{sodPolicyId}\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Detailed entitlements violating a specific policy for a user\")))), mdx(\"p\", null, \"The detailed response includes the specific conflicting entitlements (direct and indirect), the segment that defines the conflict, and whether each violation has been resolved.\"), mdx(\"hr\", null), mdx(\"h2\", null, \"Severity levels\"), mdx(\"p\", null, \"Severity determines what happens at the moment a provisioning operation (user create or update) would result in a SoD conflict. The check runs inside \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"UserMgr.validateAgainstSodPolicy()\"), \", which is called during every user save unless the request explicitly sets \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"skipSodPolicyCheck=true\"), \".\"), mdx(\"h3\", null, \"Hard violation\"), mdx(\"p\", null, \"A HARD violation \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"blocks the provisioning operation entirely\"), \".\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"What happens step by step:\")), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"The system evaluates the user's incoming entitlement set against all active SoD policies (via \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"AuthManager.isConflict()\"), \").\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"A HARD conflict is found.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Audit log entry is written with action \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"HARD_SOD_POLICY_VIOLATION_DETECTION\"), \", including the full violation details serialized as JSON.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"A \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SodPolicyServiceException\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"ResponseCode.SOD_POLICY_VIOLATION\"), \") is thrown \\u2014 \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"the user save rolls back and the entitlement change is rejected\"), \".\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"The policy's \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"managerGroupId\"), \" members are notified via the \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SOD_VIOLATION_HARD\"), \" notification type, \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"every time\"), \" the violation is detected (including repeat occurrences, not just the first time).\")), mdx(\"p\", null, \"The calling code receives the exception, and the end user or API consumer gets an error response. The conflicting entitlement is never persisted.\"), mdx(\"h3\", null, \"Soft violation\"), mdx(\"p\", null, \"A SOFT violation \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"allows the provisioning operation to proceed\"), \" but records and notifies about the conflict.\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"What happens step by step:\")), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"The system evaluates the user's incoming entitlement set against all active SoD policies.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"A SOFT conflict is found.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Audit log entry is written with action \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SOFT_SOD_POLICY_VIOLATION_DETECTION\"), \".\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"The user is saved to the database normally\"), \" \\u2014 the entitlement change is applied.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"For \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"existing users\"), \": if this is a \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"new\"), \" (previously unknown) violation, the violation is recorded in Elasticsearch (\", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"UserViolatedSodPolicyDoc\"), \") and the manager group is notified via \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SOD_VIOLATION_SOFT\"), \". For \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"repeat\"), \" known violations, no additional notification is sent.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"For \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"new users\"), \" (no existing ID): the violation is noted in the audit log but no Elasticsearch doc is written and no notification is sent at detection time (the doc is maintained after save via \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"maintainViolatedSodUserDoc\"), \").\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"After the save completes, \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"maintainViolatedSodUserDoc\"), \" reconciles the violation tracking document \\u2014 stale violations (no longer present) are removed from Elasticsearch and the manager group receives a \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SOD_VIOLATION_RESOLVED\"), \" notification.\")), mdx(\"h3\", null, \"Violation resolution notification\"), mdx(\"p\", null, \"When a user's entitlements are updated and a previously recorded SOFT violation no longer applies (e.g., one of the conflicting entitlements was removed), the system:\"), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Detects that the violation is no longer present during the next save.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Sends a \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SOD_VIOLATION_RESOLVED\"), \" notification to the manager group.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Deletes the violation entry from the ElasticSearch document.\")), mdx(\"p\", null, \"To distinguish between SOFT and HARD violation better, please use the table below.\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Behavior\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"th\"\n  }, \"SOFT\")), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"th\"\n  }, \"HARD\")))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Provisioning blocked\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"No \\u2014 save proceeds\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Yes \\u2014 save is rejected\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Exception thrown\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SodPolicyServiceException\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Audit action\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SOFT_SOD_POLICY_VIOLATION_DETECTION\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"HARD_SOD_POLICY_VIOLATION_DETECTION\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Manager group notification\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"On first (new) violation only\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Every time\"), \" the violation is detected\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Notification type\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SOD_VIOLATION_SOFT\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SOD_VIOLATION_HARD\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Elasticsearch tracking\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Yes \\u2014 recorded in \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserViolatedSodPolicyDoc\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"No (save never completes)\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Resolution notification\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Yes \\u2014 \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SOD_VIOLATION_RESOLVED\"), \" when cleared\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"N/A\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Can be skipped\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ProvisionUser.skipSodPolicyCheck=true\"), \" skips both SOFT and HARD checks\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Same flag\")))), mdx(\"hr\", null), mdx(\"h2\", null, \"Remediation\"), mdx(\"p\", null, \"When a user is found to violate a policy, administrators have two options: \"), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Remove conflicting access\"), \" \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"REST endpoint:\"), \" POST /rest/api/sod-policy-violation/handle-violations (with \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"isDelete=true\"), \") Removes the specified conflicting entitlements from the user via the provisioning service. This is the standard remediation path.\"), mdx(\"li\", {\n    parentName: \"ol\"\n  }, mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Grant an exemption\"), \" \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"REST endpoint:\"), \" POST /rest/api/sod-policy-violation/handle-violations (with \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"isDelete=false\"), \") Creates a formal exemption that allows the user to retain the conflicting entitlements. Requirements and behavior: \", mdx(\"ul\", {\n    parentName: \"li\"\n  }, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"The policy must have \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"exceptionsAllowed=true\"), \". \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"A comment/reason must be provided.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"The exemption records: user ID, policy ID, entitlement type (ROLE, GROUP, RESOURCE, ORGANIZATION), entitlement ID, timestamp, and the ID of the user who granted the exemption.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Exempted entitlements are excluded from future violation evaluations for that user. Exemptions can be queried per user via the service to support auditing. \")))), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Audit action generated:\"), \" Logged with user ID, policy ID, entitlement details, and a comment.\"), mdx(\"h2\", null, \"Integration with Access Certification\"), mdx(\"p\", null, \"SoD violations are surfaced inside \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Access Certification\"), \" reviews. When a manager reviews a user's access during a certification campaign: \"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Each access review item is checked against active SoD policies. \\\\\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Violations are displayed as AccessReviewItemSodViolation records attached to the review item. \"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Each violation includes: policy name, severity, risk classification, conflicting entitlement details, segment information, and whether it is a direct or indirect violation. - The manager can certify (retain) or revoke access, with SoD context visible for informed decision-making. - Resolved violations are tracked via the resolved flag on the violation record.\")), mdx(\"hr\", null), mdx(\"h2\", null, \"Reporting\"), mdx(\"p\", null, \"SoD feature allows reporting on the violations and other activity with the feature involved. The reports are located and can be configured via \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"org.openiam.sod.reports.directory\"), \" property. The SoD report service generates \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"CSV exports\"), \" of violations. Reports can be filtered by: \"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Specific policy IDs.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Severity level.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Risk ID Each row in the report includes: user identity information, entitlement details, violated SoD policies, and associated mitigating controls. The report service uses LRU caching internally to minimize database load for frequently accessed user and entitlement data.\")), mdx(\"hr\", null), mdx(\"h2\", null, \"Data model\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"SodPolicy (SOD_POLICY)\\n  \\u251C\\u2500\\u2500 segments: SodPolicySegment (SOD_POLICY_SEGMENT) [1..N]\\n  \\u2502     \\u251C\\u2500\\u2500 roles      \\u2192 SOD_SEGMENT_ROLE    \\u2192 RoleEntity\\n  \\u2502     \\u251C\\u2500\\u2500 groups     \\u2192 SOD_SEGMENT_GRP     \\u2192 GroupEntity\\n  \\u2502     \\u251C\\u2500\\u2500 resources  \\u2192 SOD_SEGMENT_RES     \\u2192 ResourceEntity\\n  \\u2502     \\u2514\\u2500\\u2500 organizations \\u2192 SOD_SEGMENT_ORG  \\u2192 OrganizationEntity\\n  \\u2514\\u2500\\u2500 mitigatingControls \\u2192 SOD_POLICY_MC \\u2192 SodMitigatingControl (SOD_MITIGATING_CONTROL)\\n\\nSodExemption\\n  \\u2514\\u2500\\u2500 references: user, sodPolicy, entitlementType, entitlementId\\n\")), mdx(\"p\", null, \"Boolean flags (\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"active\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"exceptionsAllowed\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"managerCanHandleSpv\"), \") are stored as \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"Y\"), \"/\", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"N\"), \" in the database via \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"YesNoConverter\"), \".\"), mdx(\"hr\", null), mdx(\"h2\", null, \"Caching architecture\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"All SoD policies are cached in \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"Redis\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SodPolicyCacheList\"), \") for fast access during entitlement evaluations.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"The cache is refreshed automatically whenever a policy is created or updated.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Cache refresh is propagated via \", mdx(\"strong\", {\n    parentName: \"li\"\n  }, \"RabbitMQ\"), \" (\", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"SodPolicyMQListener\"), \") to all service nodes.\")), mdx(\"hr\", null), mdx(\"h2\", null, \"Enumerations Reference\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Enum\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Values\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SodSeverity\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SOFT\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"HARD\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SodViolationMode\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"DIRECT\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"INDIRECT\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SodMitigatingControlAssigneeType\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"USER\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GROUP\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SodMitigatingControlReviewFrequency\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ANNUALLY\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"SEMI_ANNUALLY\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"QUARTERLY\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"MONTHLY\"))), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"UserEntitlementType\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ROLE\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"GROUP\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"RESOURCE\"), \", \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"ORGANIZATION\"))))));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#core-concepts","title":"Core concepts","items":[{"url":"#policy","title":"Policy"},{"url":"#policy-segments","title":"Policy segments"},{"url":"#mitigating-controls","title":"Mitigating controls"}]},{"url":"#configuration","title":"Configuration","items":[{"url":"#creating-a-policy","title":"Creating a policy"},{"url":"#searching-policies","title":"Searching policies"},{"url":"#deleting-a-policy","title":"Deleting a policy"}]},{"url":"#violation-detection","title":"Violation detection","items":[{"url":"#how-violations-are-detected","title":"How violations are detected"},{"url":"#triggering-detection","title":"Triggering detection"},{"url":"#querying-violations","title":"Querying violations"}]},{"url":"#severity-levels","title":"Severity levels","items":[{"url":"#hard-violation","title":"Hard violation"},{"url":"#soft-violation","title":"Soft violation"},{"url":"#violation-resolution-notification","title":"Violation resolution notification"}]},{"url":"#remediation","title":"Remediation"},{"url":"#integration-with-access-certification","title":"Integration with Access Certification"},{"url":"#reporting","title":"Reporting"},{"url":"#data-model","title":"Data model"},{"url":"#caching-architecture","title":"Caching architecture"},{"url":"#enumerations-reference","title":"Enumerations Reference"}]},"parent":{"relativePath":"admin/7-access-cert/9-segregation-of-duties.md"},"frontmatter":{"metaTitle":"Segregation of Duties (SoD) policies","metaDescription":"An overview of the Segregation of Duties (SoD) policies feature"}},"allMdx":{"edges":[{"node":{"fields":{"slug":"/admin","title":"Administration guide"}}},{"node":{"fields":{"slug":"/appendix","title":"Appendix"}}},{"node":{"fields":{"slug":"/connectorconfig","title":"IdM Connectors"}}},{"node":{"fields":{"slug":"/developerguide","title":"Developer Guide"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice","title":"End user guide for SelfService portal"}}},{"node":{"fields":{"slug":"/getting-started","title":"Getting Started"}}},{"node":{"fields":{"slug":"/","title":"Welcome to the OpenIAM Documentation"}}},{"node":{"fields":{"slug":"/installation","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/changelog","title":"Change log"}}},{"node":{"fields":{"slug":"/ssocatalog","title":"SSO Catalog"}}},{"node":{"fields":{"slug":"/whatsnew","title":"What's new in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/0-login","title":"Logging in to the admin portal"}}},{"node":{"fields":{"slug":"/admin/1-exportimport","title":"Import / Export"}}},{"node":{"fields":{"slug":"/troubleshooting","title":"FAQ / Troubleshooting"}}},{"node":{"fields":{"slug":"/admin/1-usradmin","title":"User administration"}}},{"node":{"fields":{"slug":"/admin/10-password","title":"Password policy"}}},{"node":{"fields":{"slug":"/admin/10-consent-management","title":"Consent management"}}},{"node":{"fields":{"slug":"/admin/12-administration","title":"Administration"}}},{"node":{"fields":{"slug":"/admin/13-selfregistration","title":"Self-registration"}}},{"node":{"fields":{"slug":"/admin/15-audit","title":"Audit"}}},{"node":{"fields":{"slug":"/admin/14-Help.Desk.User.Profile.Protection","title":"HelpDesk profile protection"}}},{"node":{"fields":{"slug":"/admin/16-admin-pswd-change","title":"Password reset for administrator's account"}}},{"node":{"fields":{"slug":"/admin/18-services-passwd-change-k8","title":"Password update for OpenIAM services in Kubernetes"}}},{"node":{"fields":{"slug":"/admin/17-services-manual-passwd-change","title":"Manual password update for OpenIAM services in RPM"}}},{"node":{"fields":{"slug":"/admin/19-reports","title":"OpenIAM report services"}}},{"node":{"fields":{"slug":"/admin/20-virtual-tentant-by-org","title":"Enabling a virtual tenant by organization"}}},{"node":{"fields":{"slug":"/admin/21-graph-rebuild","title":"Rebuilding OpenIAM's in-memory authorization graph"}}},{"node":{"fields":{"slug":"/admin/22-token-session-util","title":"Session management utility for RPM"}}},{"node":{"fields":{"slug":"/admin/3-authz","title":"Managing access"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov","title":"Requests / Approval"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle","title":"Automated provisioning"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/admin/8-sso","title":"Federation / SSO to applications"}}},{"node":{"fields":{"slug":"/admin/2-authentication","title":"Authentication"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy","title":"Access gateway"}}},{"node":{"fields":{"slug":"/appendix/1-self-signedcert","title":"Generate Self-signed Cert"}}},{"node":{"fields":{"slug":"/appendix/2-openssl","title":"Install OpenSSL"}}},{"node":{"fields":{"slug":"/appendix/3-installopenldap","title":"Install OpenLDAP on Ubuntu"}}},{"node":{"fields":{"slug":"/appendix/4-prepforprod","title":"Prepare for Production"}}},{"node":{"fields":{"slug":"/changelog/11-Release-4.2.1.5","title":"Release 4.2.1.5"}}},{"node":{"fields":{"slug":"/changelog/12-Release-4.2.1.6","title":"Release 4.2.1.6"}}},{"node":{"fields":{"slug":"/changelog/14-Release-4.2.1.8","title":"Release 4.2.1.8"}}},{"node":{"fields":{"slug":"/changelog/15-Release-4.2.1.9","title":"Release 4.2.1.9"}}},{"node":{"fields":{"slug":"/changelog/16-Release-4.2.1.10","title":"Release 4.2.1.10"}}},{"node":{"fields":{"slug":"/changelog/17-Release-4.2.1.11","title":"Release 4.2.1.11"}}},{"node":{"fields":{"slug":"/admin/7-access-cert","title":"User access review"}}},{"node":{"fields":{"slug":"/changelog/13-Release-4.2.1.7","title":"Release 4.2.1.7"}}},{"node":{"fields":{"slug":"/changelog/19-Release-4.2.1.13","title":"Release 4.2.1.13"}}},{"node":{"fields":{"slug":"/changelog/20-Release-4.2.1.14","title":"Release 4.2.1.14"}}},{"node":{"fields":{"slug":"/changelog/22-v2026.1.1","title":"Changelog for v2026.1.1"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.1.15","title":"Release 4.2.1.15"}}},{"node":{"fields":{"slug":"/changelog/23-v2026.5.2","title":"Changelog for v2026.5.2"}}},{"node":{"fields":{"slug":"/connectorconfig/2-configparam","title":"Connector parameters"}}},{"node":{"fields":{"slug":"/changelog/18-Release-4.2.1.12","title":"Release 4.2.1.12"}}},{"node":{"fields":{"slug":"/connectorconfig/4-troubleshootingconnector","title":"Provisioning operations troubleshooting"}}},{"node":{"fields":{"slug":"/connectorconfig/SAPUME","title":"SAP UME connector"}}},{"node":{"fields":{"slug":"/connectorconfig/adp","title":"ADP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/LDAP","title":"LDAP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/JDBC","title":"JDBC connector"}}},{"node":{"fields":{"slug":"/connectorconfig/gsuite","title":"GSuite connector"}}},{"node":{"fields":{"slug":"/connectorconfig/freeIPA","title":"FreeIPA connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aws","title":"AWS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aerospike","title":"Aerospike connector"}}},{"node":{"fields":{"slug":"/connectorconfig/linux","title":"Linux connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracle","title":"Oracle RDBMS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracleebs","title":"Oracle EBS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/postgresql","title":"PostgreSQL connector"}}},{"node":{"fields":{"slug":"/connectorconfig/rexx","title":"Rexx connector"}}},{"node":{"fields":{"slug":"/connectorconfig/salesforce","title":"Salesforce.com connector"}}},{"node":{"fields":{"slug":"/connectorconfig/sap","title":"SAP S/4 Hana connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scim","title":"SCIM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft","title":"Microsoft Application Connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector","title":"Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/tableau","title":"Tableau connector"}}},{"node":{"fields":{"slug":"/connectorconfig/workday","title":"Workday connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css","title":"Customizing branding"}}},{"node":{"fields":{"slug":"/developerguide/10-OpenIAM-opensource-rep","title":"OpenIAM open source repository"}}},{"node":{"fields":{"slug":"/developerguide/11-groovy-scripts","title":"Groovy Script Management"}}},{"node":{"fields":{"slug":"/developerguide/2-api","title":"RESTful API"}}},{"node":{"fields":{"slug":"/developerguide/3-whitelisting","title":"Whitelisting packages"}}},{"node":{"fields":{"slug":"/developerguide/4-scheduledtasks","title":"Batch/Scheduled tasks"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel","title":"Data model"}}},{"node":{"fields":{"slug":"/developerguide/6-ide","title":"Script development using an IDE"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization","title":"Synchronization Scripts"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/1-login","title":"Logging in to SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice","title":"Operations via SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/6-singlesignon","title":"Single sign-on"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest","title":"Request management"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess","title":"User access rights"}}},{"node":{"fields":{"slug":"/getting-started/1-what_is_openiam","title":"What is OpenIAM?"}}},{"node":{"fields":{"slug":"/getting-started/2-productarchitecture","title":"Platform architecture"}}},{"node":{"fields":{"slug":"/getting-started/21-concepts","title":"Concepts"}}},{"node":{"fields":{"slug":"/getting-started/3-install_openiam","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce","title":"Discovery questions"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning","title":"Automated user provisioning"}}},{"node":{"fields":{"slug":"/getting-started/7-selfservice-pswd","title":"SelfService password reset"}}},{"node":{"fields":{"slug":"/getting-started/5-connecting","title":"Connecting to an authoritative source"}}},{"node":{"fields":{"slug":"/getting-started/9-openiam-as-IdP","title":"Integrating OpenIAM as your IdP"}}},{"node":{"fields":{"slug":"/getting-started/99-multifactor-authentication","title":"Configuring multi-factor authentication"}}},{"node":{"fields":{"slug":"/getting-started/8-openiam-with-IdP","title":"Integrating OpenIAM with your IdP"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation","title":"Deploying via RPM on Linux"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation","title":"Deploying via Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation","title":"Deploying to Kubernetes"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation","title":"Deploying on OpenShift"}}},{"node":{"fields":{"slug":"/installation/8-sizing","title":"Sizing recommendations"}}},{"node":{"fields":{"slug":"/installation/9-data_migration","title":"OpenIAM data migration"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous","title":"Miscellaneous related articles"}}},{"node":{"fields":{"slug":"/ssocatalog/AWS","title":"AWS SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Freshdesk","title":"Freshdesk SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Azure","title":"Azure SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Office365","title":"Office365 SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Gsuite","title":"GSuite SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Salesforce","title":"Salesforce.com"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster","title":"Cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors","title":"Connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/docker","title":"Docker Swarm"}}},{"node":{"fields":{"slug":"/ssocatalog/okta","title":"Okta SSO"}}},{"node":{"fields":{"slug":"/troubleshooting/environment","title":"Environment"}}},{"node":{"fields":{"slug":"/troubleshooting/operational","title":"Operational"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm","title":"RPM"}}},{"node":{"fields":{"slug":"/troubleshooting/v3_update","title":"Update from V3.X to V4.X"}}},{"node":{"fields":{"slug":"/whatsnew/10-v4218","title":"New in v4.2.1.8"}}},{"node":{"fields":{"slug":"/whatsnew/1-v420","title":"New in v4.2.0.0"}}},{"node":{"fields":{"slug":"/whatsnew/11-v4219","title":"New in v4.2.1.9"}}},{"node":{"fields":{"slug":"/whatsnew/12-v42110","title":"New in v4.2.1.10"}}},{"node":{"fields":{"slug":"/whatsnew/13-v42111","title":"New in v4.2.1.11"}}},{"node":{"fields":{"slug":"/whatsnew/14-v42112","title":"New in v4.2.1.12"}}},{"node":{"fields":{"slug":"/whatsnew/15-v42113","title":"New in v4.2.1.13"}}},{"node":{"fields":{"slug":"/whatsnew/16-v42115","title":"New in v4.2.1.15"}}},{"node":{"fields":{"slug":"/whatsnew/16-v422","title":"New in v4.2.2"}}},{"node":{"fields":{"slug":"/whatsnew/17-v2026.1.1","title":"New in v2026.1.1"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.3.3","title":"New in 2026.3.3"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.3.1","title":"New in v2026.3.1"}}},{"node":{"fields":{"slug":"/whatsnew/22-v2026.5.2","title":"New in v2026.5.2"}}},{"node":{"fields":{"slug":"/whatsnew/21-v2026.4.2","title":"New in v2026.4.2"}}},{"node":{"fields":{"slug":"/whatsnew/23-v2026.6.1","title":"New in v2026.6.1"}}},{"node":{"fields":{"slug":"/whatsnew/7-v4215","title":"New in v4.2.1.5"}}},{"node":{"fields":{"slug":"/whatsnew/8-v4216","title":"New in v4.2.1.6"}}},{"node":{"fields":{"slug":"/whatsnew/9-v4217","title":"New in v4.2.1.7"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/1-createuser","title":"Creating a user"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/10-bulkoperations","title":"Bulk operations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/11-bulkentitlements","title":"Bulk operations with entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/12-externaldelegation","title":"Organization level delegation"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.4.1","title":"New in v2026.4.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.2.1","title":"New in v2026.2.1"}}},{"node":{"fields":{"slug":"/whatsnew/19-v2026.3.2","title":"New in v2026.3.2"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/14-add-remove-entitlements","title":"Adding/Removing entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/15-rehireuserflow","title":"Rehire user flow"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/16-user-conversion","title":"User conversion"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/17-newhireworkflow","title":"New hire workflow configuration"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/18-creating-new-dept-division","title":"Creating a new department or division"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/2-usertypes","title":"Custom user types"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/3-adminoperations","title":"Administrative actions on a User"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration","title":"Configuring page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/5-finduser","title":"User search"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/6-relatedAccount","title":"Related accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/13-unlock-account","title":"Unlocking an account"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/7-customfields","title":"Custom fields"}}},{"node":{"fields":{"slug":"/admin/10-password/1-pswd-compromised","title":"Password breach detection"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/8-serviceaccounts","title":"Service accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/9-orphanmanagement","title":"Orphan management"}}},{"node":{"fields":{"slug":"/admin/12-administration/3-squence-generator","title":"Sequence generators"}}},{"node":{"fields":{"slug":"/admin/12-administration/4-otpconfig","title":"Configure OTP Provider"}}},{"node":{"fields":{"slug":"/admin/12-administration/5-links","title":"External links on login page"}}},{"node":{"fields":{"slug":"/admin/12-administration/7-reconciliationhistory","title":"Reconciliation history"}}},{"node":{"fields":{"slug":"/admin/12-administration/8-aboutopenIAM-page","title":"About OpenIAM Page"}}},{"node":{"fields":{"slug":"/admin/12-administration/6-languages","title":"Managing languages"}}},{"node":{"fields":{"slug":"/admin/12-administration/9-reindex_elasticsearch","title":"Reindex Opensearch"}}},{"node":{"fields":{"slug":"/admin/15-audit/1-audit-events-interpret","title":"Audit events interpretation"}}},{"node":{"fields":{"slug":"/admin/12-administration/99-heartbeat","title":"Heartbeat links"}}},{"node":{"fields":{"slug":"/admin/15-audit/2-audit-log-export-connector","title":"Audit log export connector"}}},{"node":{"fields":{"slug":"/admin/2-authentication/10-fidologin","title":"FIDO-2 authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/1-auth-overview","title":"Configuring authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/11-credentialprovider","title":"Credential provider"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-certificateauth","title":"Configuring certificate-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/13-criiptoauth","title":"Criipto authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-account-unlock","title":"Setting up account unlock"}}},{"node":{"fields":{"slug":"/admin/2-authentication/14-duo-auth","title":"Duo authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/15-modernauth","title":"Microsoft Modern authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-auth-policy","title":"Authentication policy"}}},{"node":{"fields":{"slug":"/admin/2-authentication/16-external-multiselect-auth","title":"External/multiselect authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/7-otp","title":"OTP over SMS or E-mail"}}},{"node":{"fields":{"slug":"/admin/2-authentication/3-passwordauth","title":"Password-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social","title":"Social authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/10-accessright","title":"Access rights"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig","title":"System configuration"}}},{"node":{"fields":{"slug":"/admin/2-authentication/9-adaptiveauth","title":"Adaptive authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/1-overview","title":"Introduction to access control"}}},{"node":{"fields":{"slug":"/admin/3-authz/11-contentprovider","title":"Content provider"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus","title":"Menus"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles","title":"Managing roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-conflict-groups","title":"Conflict Groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups","title":"Managing groups"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management","title":"Mail management"}}},{"node":{"fields":{"slug":"/admin/3-authz/4-types","title":"Metadata types"}}},{"node":{"fields":{"slug":"/admin/3-authz/5-resources","title":"Managing resources"}}},{"node":{"fields":{"slug":"/admin/3-authz/6-organization","title":"Managing organizations"}}},{"node":{"fields":{"slug":"/admin/3-authz/8-accesstossoapps","title":"Access to SSO applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/1-Automated-applications","title":"Connected applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications","title":"Manual applications"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/1-synch","title":"Configuring synchronization"}}},{"node":{"fields":{"slug":"/admin/2-authentication/21-dashboards","title":"Monitoring dashboards"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-delegatedauth","title":"Managed System authentication"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/10-managedsystemsimulation","title":"Managed system simulation mode"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config","title":"Configure Provisioning"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/12-LDAP-managedsys-config","title":"LDAP Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/2-incrementalsynch","title":"Incremental synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/3-recon","title":"Configure reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/6-managedsystem-config","title":"Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/5-recon-groovy","title":"Groovy Scripts for Reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/9-importorganization","title":"Import Organizations"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/8-importentitlements","title":"Import entitlements"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/1-application-category","title":"Application categories"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/2-approval-flow","title":"Approval flow"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/4-post-request","title":"After request has been approved"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/3-manualTasks","title":"Manual tasks"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/5-approve-by-email","title":"Approving requests via Email"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/4-birthright","title":"Birthright access"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/10-mitigation-controls","title":"Mitigation controls for SoD"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/11-campaign-dashboard","title":"Campaign dashboard"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/12-campaign-preview","title":"Campaign preview"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-event-driven-cert","title":"Risk event driven certification"}}},{"node":{"fields":{"slug":"/admin/3-authz/9-approvalflow","title":"Configuring approval workflows"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/1-entitlmentcert","title":"Entitlement based certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-usercert","title":"User based review"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/7-questionnaire","title":"Questionnaire"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-factor-config","title":"Risk factors configuration"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/3-certification-reporting","title":"Certification reporting"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-bulk-approval","title":"Allow bulk approval"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-membership-tags","title":"Membership tags"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/5-delete-campaign","title":"Deleting an access certification campaign"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/6-campaign-database","title":"Access certification campaigns as database objects"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/7-expiration-policy","title":"Expiration policy"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml","title":"Add SAML SP to OpenIAM"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/8-multiple-reviwer-campaigns","title":"Multi-reviewer user access review campaigns"}}},{"node":{"fields":{"slug":"/admin/8-sso/3-oidc","title":"OpenID Connect"}}},{"node":{"fields":{"slug":"/admin/8-sso/5-auth_scopes","title":"OpenIAM oAuth scopes"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/1-formfill","title":"Form Fill"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/3-urlrewriting","title":"URL Rewriting"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/6-example","title":"Examples"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/thesaurus","title":"Access Certification Thesaurus"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/2-headerinj","title":"Header Injection"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/7-rProxy-loadbalancer","title":"Reverse Proxy with Load Balancer"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/9-segregation-of-duties","title":"Segregation of Duties (SoD) policies"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/9-directive-reference","title":"mod_openiam Directive Reference"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/1-powershellconnectorinstallation","title":"Installing PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal","title":"WinLocal OpenIAM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-dynamics365FO","title":"Dynamics365 Finance&Operations connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/13-successfactors","title":"SuccessFactors connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-WindowsPasswordFilter","title":"AD Password Filter"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/14-psgraph","title":"Microsoft Graph PowerShell connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/15-powershell-generic","title":"Building a custom PowerShell connector for OpenIAM"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2","title":"oAuth 2.0"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/16-teams","title":"Microsoft Teams connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/2-powershellconnectorsusage","title":"Using PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/3-powershellconnectorupdate","title":"Updating PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/5-azuread","title":"Entra ID/O365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/6-exchange","title":"Exchange connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/7-azuredevops","title":"Azure DevOps connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/GroovyScriptConnector","title":"Configuring Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/connector-request-template","title":"OpenIAM connector request template"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/1-customcss","title":"Creating custom CSS"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/2-cssexamples","title":"CSS file examples"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman","title":"Getting started with Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python","title":"Getting started with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java","title":"Getting started with Java"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/9-sqlserver","title":"Microsoft SQL Server connector"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/1-provision-on-date","title":"Provision/Deprovision on date"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/8-dynamics365","title":"Dynamics365 connector"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/1-usermodel","title":"User data model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-certification","title":"/webconsole - access-certification"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-right","title":"/webconsole - access-right"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/8-kerberos","title":"Setting up Kerberos via rProxy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/audit-log","title":"/webconsole - audit-log"}}},{"node":{"fields":{"slug":"/developerguide/8-api/auth-provider","title":"/webconsole - auth-provider"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/2-rbacmodel","title":"Access control model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/authentication-grouping","title":"/webconsole - authentication-grouping"}}},{"node":{"fields":{"slug":"/developerguide/8-api/batch","title":"/webconsole - batch"}}},{"node":{"fields":{"slug":"/developerguide/8-api/challenge-response","title":"/webconsole - challenge-response"}}},{"node":{"fields":{"slug":"/developerguide/8-api/connector","title":"/webconsole - connector"}}},{"node":{"fields":{"slug":"/developerguide/8-api/content-provider","title":"/webconsole - content-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/email","title":"/webconsole - email"}}},{"node":{"fields":{"slug":"/developerguide/8-api/field","title":"/webconsole - field"}}},{"node":{"fields":{"slug":"/developerguide/8-api/groovy-manager","title":"/webconsole - groovy-manager"}}},{"node":{"fields":{"slug":"/developerguide/8-api/group","title":"/webconsole - group"}}},{"node":{"fields":{"slug":"/developerguide/8-api/approver-association","title":"/webconsole - approver-association"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-oauth","title":"/idp - idp-oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-rest","title":"/idp - idp-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/it-policy","title":"/webconsole - it-policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/managed-system","title":"/webconsole - managed-system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/menu","title":"/webconsole - menu"}}},{"node":{"fields":{"slug":"/developerguide/8-api/metadata","title":"/webconsole - metadata"}}},{"node":{"fields":{"slug":"/developerguide/8-api/oauth","title":"/webconsole - oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization-type","title":"/webconsole - organization-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/elastic-search","title":"/webconsole - elastic-search"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization","title":"/webconsole - organization"}}},{"node":{"fields":{"slug":"/developerguide/8-api/page-template","title":"/webconsole - page-template"}}},{"node":{"fields":{"slug":"/developerguide/8-api/policy","title":"/webconsole - policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/report","title":"/webconsole - report"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource-type","title":"/webconsole - resource-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/role","title":"/webconsole - role"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-config","title":"/webconsole - sync-config"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-rest","title":"/webconsole - sync-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource","title":"/webconsole - resource"}}},{"node":{"fields":{"slug":"/developerguide/8-api/system","title":"/webconsole - system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/uri-pattern","title":"/webconsole - uri-pattern"}}},{"node":{"fields":{"slug":"/developerguide/8-api/user","title":"/webconsole - user"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov","title":"Automated provisioning Scripts"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import","title":"Import from application"}}},{"node":{"fields":{"slug":"/developerguide/8-api/property-value","title":"/webconsole - property-value"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/4-relations-with-manager","title":"Populating a manager"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/2-access-certification-reminder","title":"Notification reminders for approvers"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/1-forgotpassword","title":"Forgot password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/2-updateprofile","title":"Updating user profile"}}},{"node":{"fields":{"slug":"/developerguide/8-api/ui-theme","title":"/webconsole - ui-theme"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/3-changepassword","title":"Updating your password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/4-outofoffice","title":"Out of office assistant"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/5-forgotusername","title":"Forgot username"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/1-servicecatalog","title":"Requesting access via catalog"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/11-accessprofiles","title":"Access profiles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/12-bulkupload","title":"Uploading users in bulk"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/13-workflowsoverview","title":"Workflows Overview"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/6-updatesecquestions","title":"Updating security questions"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/3-importing_groups","title":"Importing groups from application"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/10-positionchange","title":"Position change request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/5-approverequest","title":"Approving requests"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/7-requesthistory","title":"Requests history"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/8-newgroup","title":"Creating a group request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/6-requestadministration","title":"Request administration"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/9-newuser","title":"Creating a new user"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/1-viewmyaccess","title":"View my access"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/3-UAR-in-Self-Service","title":"User access review module in SelfService"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/2-directreports","title":"View direct reports"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/1-designrole","title":"Designing business roles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/2-jobprofile","title":"Requesting access from profile"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/3-connector-planning","title":"Connector requirements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements","title":"Importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements","title":"Importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial","title":"Automated provisioning tutorial"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/1-jml","title":"Joiners, movers, leavers processes"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/10-ha-rpm","title":"High availability (HA) deployment using RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode","title":"Single VM Install"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/11-configuration-options","title":"Configuration options in RPM"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect","title":"Deploying and registering connectors"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/2-rproxy","title":"r-Proxy installation in RPM"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/2-openiam-access-role","title":"Designing access roles"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/4-backup","title":"RPM backup / recovery"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/12-migrating-onpremises-to-cloud","title":"Migrating OpenIAM from on-premises installation to a cloud-based infrastructure"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports","title":"Deployment architecture in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-migrating-non-production-to-production-environment","title":"Migrating non-production to production environment in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB","title":"Installing OpenIAM with a remote database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading","title":"Upgrading OpenIAM in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/8-ssl","title":"Configuring HTTPS in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/2-Configuration-options","title":"Configuration options in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading","title":"Upgrading OpenIAM in Docker environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/4-YAML-files","title":"Docker YAML files"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/6-externalDB","title":"Installing OpenIAM with a remote database in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/5-docker-swarm-backup","title":"Backup / restore in Docker Swarm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/10-backup-and-restoration","title":"Backup and restoration procedure in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/1-ssl","title":"Configuring HTTPS in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/1-https","title":"Configuring HTTPS on Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/12-vault-migration-fromRPM-toK8","title":"Migration of Vault from RPM-based cluster to Kubernetes-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/11-common-scenario","title":"Installing OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/9-rabbitssl","title":"Enable TLS for RabbitMQ in RPM"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/13-image-migration-guide","title":"Image migration script"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/2-deployment-with-terraform","title":"Deploying OpenIAM with Terraform"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/3-depl-without-terraform","title":"Deploying OpenIAM on Kubernetes using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/4-RabbitMQ-TLS","title":"RabbitMQ TLS directory in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading","title":"Upgrading OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms","title":"Kubernetes Platforms"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/8-AKS_with_ext_MSSQL","title":"Deploying OpenIAM on AKS (Kubernetes) with an external MSSQL database"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/9-remoteDB","title":"Installing OpenIAM with a remote database in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/2-connect-to-cluster","title":"Connect to OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/4-some-descriptions-helm","title":"Memory requirements for OpenShift deployment with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/5-localhost-dev-cluster","title":"Localhost development cluster"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/6-deploy-from-windows","title":"Deploy OpenIAM to OpenShift cluster with Helm (from Windows)"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/3-deploy-OpenIAM-helm","title":"Deploy OpenIAM to OpenShift cluster with Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/7-useal-keys-restoration","title":"Backing up and restoring the vault unseal keys in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/9-data_migration/1-migrating_ES_Docker","title":"Verifying and migrating Elasticsearch data in Docker-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/01-log4j","title":"Log4j Vulnerability"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/02-hardening","title":"Securing your installation"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/03-db-switch","title":"Change OpenIAM product database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/04-compatibility","title":"Compatibility matrix"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/1-create-cluster","title":"Creating an OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/05-postgres-install","title":"Installing PostgreSQL 15"}}},{"node":{"fields":{"slug":"/installation/99-miscellaneous/04-compatibility","title":"Compatibility Matrix"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/2-rabbitmq-UI","title":"RabbitMQ is not reached from UI in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/1-rabbitmq-reinit","title":"RabbitMQ cluster went out of order"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/3-Rabbitmq-connection-timeout","title":"RabbitMQ  connection timeout issue"}}},{"node":{"fields":{"slug":"/installation/8-sizing/1-small-k8","title":"Small Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/8-sizing/2-medium-k8","title":"Medium Enterprise - K8"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors/sync-vs-async-source","title":"Synchronous vs. asynchronous synchronization source for connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/1-connectorlogs","title":"View container logs"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/2-containersrestart","title":"Containers Restarting"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/3-uninstall","title":"Remove an OpenIAM Docker Install"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/4-troubleshooting-steps","title":"Troubleshooting steps in a container-based cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/5-log-checking-guide","title":"Docker log checking guide"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/disableswap","title":"Disable swap"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/memoryutili","title":"Check memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/redismemory","title":"Redis memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/JDBC-connection-pool","title":"Increasing the JDBC connection pool size"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/activationlink","title":"Error when sending activation link"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-forbidden","title":"Access Forbidden error"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/audit-doc-timestamp","title":"Audit document timestamp issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/auth-manager","title":"Backend exception error when running authentication manager"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/database-reset","title":"Database reset"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/elasticsearch-readonly-state","title":"Elasticsearch read-only state"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/increasing-RAM","title":"Increasing memory for OpenIAM services"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/debug-logs-CassandraJanusGraph","title":"Enabling and disabling debug logs for Cassandra and JanusGraph"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-after-migration","title":"Access problem after migrating OpenIAM"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/pad-block-corrupted","title":"PAD Block Corrupted"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/modifly_system_labels_and_messages","title":"Changing system labels and messages"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/remove-navigation-bar","title":"Removing menu items from top navigation bar"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/lackof_disk_space","title":"Running out of disk space"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/report-generation-issue","title":"Error during report generating in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/resetting_passwords","title":"Resetting passwords"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/run_flyway_repair_mode","title":"Run Flyway in repair mode"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/username_in_selfservice","title":"Username not shown in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/unlocksysadmin","title":"Unlock sysadmin"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/failed-dependencies","title":"Failed dependencies"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/flyway_version","title":"Flyway version issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/my-application-page-selfservice","title":"Changing refresh time for My Applications page in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/trobleshooting_guide","title":"Troubleshooting guide for RPM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/1-userpage","title":"Configuring user page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/2-customuserpage","title":"Creating more custom user edit pages"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/4-customtemplates","title":"Custom form templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/1-system","title":"System tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/2-regex-validation","title":"Validation regular expressions"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/3-UI","title":"UI tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/4-workflow","title":"Workflow tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/6-password","title":"Password tab"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/overriding-app-properties","title":"Overriding UI application properties"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/7-authentication","title":"Authentication tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/5-organization-tab","title":"Organization tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/1-emailtemplates","title":"Email templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/2-smtpconfig","title":"Mailbox Configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/3-multilanguagemail","title":"Multilanguage emails"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/9-health-checks","title":"Configuring health checks for managed systems"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/4-mail-via-azure","title":"Mailbox configuration via Azure application"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/8-auditeventstosyslog","title":"Exporting audit events to syslogs"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/4-appleidsociallogin","title":"AppleID Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/3-linkedinsociallogin","title":"LinkedIn Social Login"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/1-enduseraccess","title":"End-user access roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/2-adminaccess","title":"Admin access role"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/3-FAQ","title":"FAQs about menus and their use"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/4-Config-Lhand-menu-SS-MyInfo","title":"Configurable left-hand menu in SelfService 'My Info' page"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups/1-create-group","title":"Creating a group"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/5-alert-notifications","title":"Configuring alert notifications"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/6-email-template-variables","title":"Email template variables reference"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications/1-reg-applications","title":"Register applications"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/1-googlesociallogin","title":"Google Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/2-facebooksociallogin","title":"Facebook Social Login"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml/1-jit-provisioning","title":"Just-in-time Provisioning"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2/1-Auth-code-grand","title":"Authorization code grant type"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/1-role-types","title":"Types of roles existing in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/2-createrole","title":"Create role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/3-findrole","title":"Finding an existing role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/5-importingroles","title":"Importing roles"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/1-winlocalv4","title":"Version 4"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/1-createauthprovider","title":"Create OpenIAM Provider for Postman"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/2-winlocalv5","title":"Version 5"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/2-postmanconfig","title":"Create Postman collection"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config/1-prepost-processor","title":"Pre/PostProcessor"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/3-add-request","title":"Define an API request in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/6-example","title":"Client credentials flow with a defined scope in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/5-postman-links","title":"Postman API documentation links"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/1-createauthprovider","title":"Create OpenIAM oAuth provider in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/2-grantinguathz","title":"Granting authorization to the API with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/3-api-call-examples","title":"API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/4-enabling-disabling-user","title":"Enabling/Disabling a user with API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/5-object-oriented-impl-example","title":"Object oriented implementation for REST API in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/6-OTP-verification","title":"OTP Verification in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/4-calls-examples","title":"API calls examples in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/5-enabling-disabling-users","title":"Enabling/Disabling a user with API calls examples in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/4-JWT-tokens","title":"Getting started with JWT tokens in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/2-grantauthz","title":"Granting authorization to the API with Java"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov/1-newhires","title":"New hires"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/3-azuread","title":"Entra ID"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/6-importroles","title":"Import Roles"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/2-rpm","title":"Connectors via RPM"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/1-createauthprovider","title":"Create OpenIAM Provider"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/3-docker","title":" Connectors via Docker"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/4-k8","title":" Connectors via Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/3-creating-searching-users","title":"Creating and searching a user with API call in Java"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch","title":"Configuring synchronization for importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/3-common-questions","title":"Common questions"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/1-provisioningCSV","title":"Creating a synchronization configuration for the source"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/2-policymap","title":"Policy map"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/3-creatingrole","title":"Creating role"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/5-transfer","title":"Transfer"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/6-termination","title":"Terminations"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/1-rpm-with-internet","title":"Installation with Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/2-rpm-no-internet","title":"Installation without Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/3-nonroot-partition","title":"Installing OpenIAM on a non-root partition"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/1-config-synch","title":"Configuring synchronization for importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/1-one-node","title":"Single node deployment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/2-three-node","title":"Three node cluster"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/3-troubleshooting","title":"Troubleshooting"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-4-2","title":"Upgrading OpenIAM to v.2026.4.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/2-upgradingto-42110","title":"Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/3-upgradingto-42111","title":"Upgrading from versions 4.2.1.9-4.2.1.10 to version 4.2.1.11 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-migrating-index-data","title":"Migration of index data from older ElasticSearch versions to newer one"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/4-birthright","title":"New hire"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-upgradingto-42115","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/6-infra-upgrade-42113","title":"Infrastructure upgrade in v4.2.1.13"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-infrastructure_upgrade","title":"Infrastructure upgrade"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/7-upgradingto-422","title":"Upgrading OpenIAM from versions 4.2.1.x to 2026.6.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrade2026.5.2","title":"Upgrading notes for v.2026.5.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrade2026.6.1","title":"Upgrading notes for v.2026.6.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/1-databasemigration","title":"Database migration from version 3.X to 4.X"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-2-1","title":"Upgrading OpenIAM to v.2026.2.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-1","title":"Upgrading OpenIAM to v.2026.3.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-2","title":"Upgrading OpenIAM to v.2026.3.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-upgradingto-42112","title":"Upgrading from versions 4.2.1.x to version 4.2.1.12 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/2-postgres","title":"Installing OpenIAM with a remote Postgres database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/3-MSSQL","title":"Installing OpenIAM with a remote MSSQL database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/1-oracle","title":"Installing OpenIAM with a remote Oracle database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/1-upgrade-4219","title":"Upgrade from version 4.2.1.5-4.2.1.8 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/2-upgrade-42110","title":"Upgrade from version 4.2.1.9 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/3-upgrade-42111","title":"Upgrade from version 4.2.1.10 to version 4.2.1.11 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/4-upgrade-42115","title":"Upgrade from version 4.2.1.x to version 4.2.1.15 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/4-upgrade-42115k8","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/5-upgrade-42112k8","title":"Upgrading from version 4.2.1.x to version 4.2.1.12 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/6-upgrade-422k8","title":"Upgrading from version 4.2.1.x to version 4.2.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/3-upgrade-42113k8-rabbitmq","title":"Upgrading from version below 4.2.1.8 to version 4.2.1.13 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/7-upg-notes20206.5.2","title":"Upgrading notes for v.2026.5.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/9-422-changes","title":"Known issues related to upgrading from 4.2.1.x to 2026.4.1 version"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/1-gce","title":"GCE Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/2-aws","title":"AWS Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/3-helm","title":"Private Kubernetes Cluster using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/4-azure","title":"Azure Kubernetes Guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/1-ldapvalidation","title":"Synchronization Validation Script"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/3-ldapattributeslists","title":"LDAP Attribute list for User Synchronization"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/1-ADgroup-transformation","title":"Sample transformation script for AD groups"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/2-ldapsynchusers","title":"LDAP User Synchronization Script"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/3-ADtransformation-usergroup","title":"Sample transformation script for AD users and group memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/4-csv-users-entitlements","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/8-upg-notes2026.6.1","title":"Upgrading notes for v.2026.6.1 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/2-csv-transformation","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.2","title":"Release 4.2.2"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/4-adpowershell","title":"Active Directory PowerShell connector"}}},{"node":{"fields":{"slug":"/appendix/5-message_en_file","title":"Message properties"}}}]}},"pageContext":{"id":"d54cb482-5441-5af0-a39a-9fbda5530cf6"}},
    "staticQueryHashes": ["2619113677","3706406642","417421954"]}