Create a Workflow Approval Policy for Preventative Identity Policies

You can configure a task-level policy-based workflow process for an admin task. This workflow process includes one or more approval policies that can associate a preventative identity policy with a workflow. CA IdentityMinder executes the workflow when a violation of the associated preventative identity policy occurs.

Note: For more information about task-level policy-based workflow processes, see Policy-Based Workflow.

To create a workflow approval policy for preventative identity policies:

  1. Modify the admin tasks that allow changes that might trigger a violation of a preventative identity policy.

    For example, if an identity policy violation occurs because a user has the User Manager and User Approver roles, modify the admin tasks that allow administrators to assign roles, such as Create User, Modify User, and Modify Admin Role Members/Administrators.

  2. Click the edit icon next to the Workflow Process field on the Profile tab for the task to add a workflow process.

    CA IdentityMinder displays the Task Level Workflow Configuration screen.

  3. Select Policy Based, then click Add.
  4. In the Approval Rule section, select the Identity Policy Violation object.
  5. In the Identity Policy field, select a filter that determines which identity policies trigger the workflow associated with the approval policy.

    In the filter, include the identity policy name, not the identity policy set name.

  6. Configure the Rule Evaluation, Policy Order, and Policy Description fields as needed.
  7. Select a workflow process, then click OK.

    When you select a workflow process, CA IdentityMinder displays additional fields.

  8. Specify approval tasks and approvers as needed.

    CA IdentityMinder associates the workflow process with the preventative identity policy.