Risk levels
Risk scores of resources and identities are calculated in RoPE and thus do not happen simultaneously, for example, when an analyst modifies the classification tags of a resource or the risk weight of a category in the Omada Identity portal.
The thresholds that control into which risk level a given risk score is translated are configured in the configuration object named "Risk level thresholds".
There are different risk levels for resources and identities in the configuration object. This is needed if you are assigning classification tags (and thereby risk scores) directly to the identities or indirectly via context assignments.
If you are not assigning risk-relevant classification tags to the identities or business contexts, and thereby only using the resource-based risk scores, it is recommended that you align the thresholds for the resources and identities. This way, the identity risk level will reflect the same risk level as the highest-scoring resource risk.
If a risk score is less than the "from score" on the lowest configured threshold, the risk level is computed from this threshold. Similarly, if a risk score is higher than the "to score" on the highest configured threshold, the risk level is computed from this threshold.
The maximum decimal value for thresholds is 999,999,999.
Initiating a survey with a specific risk level
When initiating a new survey (either an access review survey, or an access approval survey), you can scope it on the basis of the Resource risk level or Identity risk level.
To do this, use the Risk Level dropdowns in the "Scoping" part of the survey form.
Viewing the risk level for Identities in surveys
The risk level of Identities and the risk level of the requested resources is visible in access review surveys and access approval surveys.
To view the risk level for a given Identity, open the detailed view for this Identity.
Viewing the risk level for Identities in Access request approval survey forms
In the out-of-the-box solution, the risk levels for Identities are not visible in the survey forms. However, by switching to a new process template for "Approve requested access", you will be able to view the risk levels directly within the Access request approval survey form, without the need of opening the detailed view for each Identity.
To do this:
- Navigate to Setup > Administration > Data management > Process templates.
- Find the two Approve Requested Access process templates.
- The one with the lower index is the one used out of the box. To use the other one, hit CTRL+right-click on it to open the expanded menu and choose Form Data UID. Copy the UID.
- Navigate to Setup > Customer Settings.
- Find the Survey approval process template setting and open it.
- In the Value field, replace the UID with the newly generated UID of the new process template.
- Click OK to accept and close the pop-up.
