What must be enabled during a refresh to find policy violations?

Enabling the check for active policies during a refresh is essential for identifying policy violations within SailPoint IdentityIQ. When this option is activated, the system will evaluate the current identity data against defined policies during the refresh process. This allows for real-time monitoring and assessment, ensuring that any policy violations are promptly flagged.

This proactive approach is crucial for maintaining compliance and security within an organization, as it aids in identifying potential risks associated with user access rights and role assignments. The relevance of checking active policies becomes even more apparent in environments where compliance is critical, as it directly supports governance efforts.

Other options, while important in their respective roles, do not specifically address the identification of policy violations during a refresh. For example, enabling connector rules pertains to the logic applied in gathering and validating user information rather than assessing compliance with policies. Running data aggregation focuses on consolidating data from various sources to create a unified view rather than checking against policies. Activating reporting features, although beneficial for post-refresh analysis, does not influence the detection of violations during the refresh itself.