search cancel

Revoke Provisioning Role if certification of role has not been completed

book

Article ID: 201393

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

We are using regular Governance role certification campaigns to ensure our users are correctly set in their roles, but are often finding that users are not completing the certification within the allocated time frame and are retaining roles users may not need or require any longer.   How can we ensure those roles are removed even if the user does not complete their certifications?

Environment

Release : 14.2 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
CA IDENTITY GOVERNANCE

Resolution

Governance includes an auto completion option for certification campaigns.


For example if I want all open certifications for a universe named 'Sample' to automatically complete after 7 days and automatically reject all uncompleted certifications:

universe.property.Sample.certification.task.expiration.age.days = 7
universe.property.Sample.certification.campaign.expiration.action = reject