We are using regular Governance role certification campaigns to ensure our users are correctly set in their roles, but are often finding that users are not completing the certification within the allocated time frame and are retaining roles users may not need or require any longer.   How can we ensure those roles are removed even if the user does not complete their certifications?

Release : 14.2 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
CA IDENTITY GOVERNANCE

Governance includes an auto completion option for certification campaigns.


For example if I want all open certifications for a universe named 'Sample' to automatically complete after 7 days and automatically reject all uncompleted certifications:

universe.property.Sample.certification.task.expiration.age.days = 7
universe.property.Sample.certification.campaign.expiration.action = reject