search cancel

Enforce scoping in Identity Manager approval process

book

Article ID: 201142

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

Scenario:

A customer has a number of organizations, and for each organization they have a respective administrator to approve requests made by users from that organization.
A customer wants an approval process where resolvers are Admin Role members.

Issue:
Emails are sent to all the members of the Admin Role regardless of what organization they belong.

Cause

Scoping is not clearly explained in Identity Manager documentation

Environment

Release : 14.X

Component : Identity Manager

Resolution

For both policy based and non-policy based workflow when participant resolvers are configured as Admin Role members, there is a possibility to enforce scoping:

If 'Enforce Scoping' is set as on the above picture, emails are sent to users who:

  • Are members of selected Admin Role(s)
  • Belong to the same organization as requesting user

Attachments