Previous Topic: Use Case: Preventing Users from Having Conflicting Roles

Next Topic: Identity Policy Violations in Approval Tasks

Workflow and Preventative Identity Policies

When a preventative identity policy is configured to issue a warning, you can define a task level policy-based workflow process, which is associated with the identity policy, for tasks that may trigger a violation. For example, if an identity policy prohibits Senior Accountants from being members of the IT department, you define a task level policy-based workflow process on the Create User and Modify User tasks.

All work items that are generated as a result of task level policy-based workflow must be approved before CA IdentityMinder executes the task. Approvers see a work list item when they log into the User Console. When the approver clicks the work list item, an approval task, which includes the warning message that describes the violation, appears. The approver can choose to approve or reject the task, based on the violation.

Policy-based workflow processes are associated with preventative identity policies by the policy name.

More information:

Policy-Based Workflow