SoD Policies

Define separation-of-duties rules that flag conflicting role assignments.

Identity & access

SoD Policies is where admins manage separation-of-duties rules. It has two sections: System Defaults (pre-built, read-only policies) and Custom Policies (your own rules). Each policy has a name, description, framework, severity, and a pair of role patterns that define the conflict, plus a live violation count.
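To make the role-pattern pair concrete, here is an added example (not the product's own code) that evaluates policies against user role assignments and produces a per-policy violation list. Assumptions: patterns are treated as case-insensitive shell-style globs, a violation is counted per user, and a conflict requires two distinct roles; the page does not specify the product's pattern syntax or counting rule, and all names and data are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class SodPolicy:          # hypothetical structure mirroring the fields described above
    name: str
    severity: str
    pattern_a: str        # first side of the conflict (assumed glob syntax)
    pattern_b: str        # second side of the conflict (assumed glob syntax)
    enabled: bool = True

def conflicting_pairs(policy, roles):
    """Return the sorted (role, role) pairs in `roles` that the policy forbids together."""
    side_a = [r for r in roles if fnmatchcase(r.lower(), policy.pattern_a.lower())]
    side_b = [r for r in roles if fnmatchcase(r.lower(), policy.pattern_b.lower())]
    # A conflict needs two distinct roles; one role matching both patterns is not a pair.
    # frozenset collapses (x, y) and (y, x) when both roles match both patterns.
    pairs = {frozenset((a, b)) for a in side_a for b in side_b if a != b}
    return sorted(tuple(sorted(p)) for p in pairs)

def violation_report(policies, assignments):
    """Map each enabled policy name to {user: [conflicting pairs]}."""
    report = {}
    for policy in policies:
        if not policy.enabled:
            continue  # toggled-off policies are not evaluated
        hits = {}
        for user, roles in assignments.items():
            pairs = conflicting_pairs(policy, roles)
            if pairs:
                hits[user] = pairs
        report[policy.name] = hits
    return report

# Constructed sample policies and role assignments.
POLICIES = [
    SodPolicy("Vendor create vs. payment approve", "high", "ap-vendor-*", "ap-payment-approve*"),
    SodPolicy("Code author vs. prod deploy", "critical", "repo-write*", "prod-deploy*"),
    SodPolicy("Payroll edit vs. approve", "high", "payroll-edit*", "payroll-approve*", enabled=False),
]
ASSIGNMENTS = {
    "alice": {"ap-vendor-create", "ap-payment-approve", "repo-read"},
    "bob": {"repo-write-core", "prod-deploy-eu", "prod-deploy-us"},
    "carol": {"payroll-edit", "payroll-approve"},
    "dave": {"ap-vendor-create"},
}

if __name__ == "__main__":
    for name, hits in violation_report(POLICIES, ASSIGNMENTS).items():
        print(f"{name}: {len(hits)} user(s) in violation -> {hits}")
```
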

How to use it

  1. Open Settings → SoD Policies.

  2. Click Import template to bulk-add pre-built policy sets (Finance, IT / Engineering, HR, DevOps, Healthcare).

  3. Click Create policy to build a custom rule — set the name, framework, severity, and the two conflicting role patterns.

  4. Toggle a custom policy on or off, or use the edit and delete icons to manage it.

  5. Watch the violation count per policy, and follow conflicts into the Directory and Access Insights SoD matrix.

Tips

  • System default policies are read-only — they can't be toggled or deleted.
  • Import shows how many policies were added versus skipped because they already existed.
