Accessing Policy Manager

Policy Manager can be accessed in the Governance module and selecting a policy page on the left-hand navigation menu.

In order to access Policy Manager, you must be granted at least one of the policy roles in at least one account. Contact your account administrator to obtain access if needed. For more detail on the different policy roles, see the policy roles pages.

Applying a Policy

All Flexera policies are published to the Policy Catalog, shown below, where users can browse for policies that meet their needs. In addition to Flexera policies, your organization can develop and publish their own policies to the catalog as well. The policies are organized by category and can be searched by using the Filter bar at the top of the page.

Once you've found a policy that is relevant, click through to the README to read about the details of how the policy works and what actions are supported. To put a policy in place, press the Apply button to configure the policy for your environment. Each policy may contain different configuration items based on what the policy does, but all policies have some common configuration parameters.

Click on Apply to bring up the apply policy configuration screen where you can configure the different elements of the policy. Each policy will have slightly different configuration parameters depending on the behavior of the specific policy you've selected.

Managing applied policies

Every policy that is currently applied in an account is listed in the Applied Policies page. If you have access to more than one account, use the account picker in the top of the page to change accounts. Clicking on a policy will show the details of the policy, including:

  • when it was applied, when it last ran, and when the next run will be
  • who applied the policy and what configuration parameters they set
  • the original template name, severity, and category of the policy
  • any incidents that are currently active with this policy

To stop a policy, click on the Terminate button at the bottom of the page. Doing so will remove this policy and any related incidents from the system.

If there are any active incidents for this policy, click on the incident link to view detailed information about the incident.

Handling incidents

An incident is created when one or more resources fail the check that the policy performs. You can see the incidents by using the Incidents menu in the left-navigation menu, or by clicking through from an applied policy. The main incidents page shows you how many resources failed the check and indicates whether any incidents have pending approvals before mitigation actions are run.

Selecting an incident will show the details of the incident -- each policy has its own definition of what information to show as part of an incident. Many policies will have some kind of table that displays information about each of the resources that has violated the policy. When a table is present, you can export the data to CSV to work with locally.

In addition to resource information, policies frequently define escalation actions that occur when an incident is detected. These actions vary by policy, but are extremely flexible and can range from simply sending an email to taking an orchestrated set of actions to attempt to remediate the incident. The Actions panel on the right side of the incident display shows the action sequence and status of each action.

Manual approval steps

As part of an action sequence, a policy can define a manual approval step which will pause the action sequence until the action is approved or denied. In such cases, you will see an action in the Pending state and, if you have approval authority, a Deny and Approve button. If the action is denied, the action sequence is terminated. If the action is approved, the action sequence continues to the next action.

If the Skip Approvals checkbox was selected when applying the policy (see the Common configuration parameters section above) then all approvals are automatically approved by the system, and the state for each approval will show Skipped.

The policy dashboard

The policy dashboard provides an overview of all of the policy information in the selected account. It includes a summary of the number of policies running, open incidents, actions awaiting approval, and more. This is a great page to bookmark and start with when you are managing policies on a day-to-day basis.