Enforce scoping in Identity Manager approval process
Article ID: 201142
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
CA Identity Suite
Issue/Introduction
Scenario:
A customer has a number of organizations, and for each organization they have a respective administrator to approve requests made by users from that organization.
A customer wants an approval process where resolvers are Admin Role members.
Issue:
Emails are sent to all the members of the Admin Role regardless of what organization they belong.
Environment
Release : 14.X
Component : Identity Manager
Cause
Scoping is not clearly explained in Identity Manager documentation
Resolution
For both policy based and non-policy based workflow when participant resolvers are configured as Admin Role members, there is a possibility to enforce scoping:
If 'Enforce Scoping' is set as on the above picture, emails are sent to users who:
- Are members of selected Admin Role(s)
- Belong to the same organization as requesting user
Feedback
Yes
No
Powered by
