I have a POC: we need to disable access for one particular application out of the whole lot through Single Sign-On policy if the person hasn't accessed the application for 180 days. This access detail for the application will be maintained in the SQL database.
So, what is the way to have 2 authorization policies, one based on AD OU and another based on data in SQL (for application access), and disable access for associates who haven't accessed the application for 180 days?
We cannot govern this through Active Directory, because if we disable access for the person who hasn't accessed the application for 180 days, then access will be lost for all the applications.
How can this be achieved?
For this case, you will need to create an active policy (a custom policy written in Java or C using the CA SSO SDK) which can be invoked to check the access details from the SQL database. If this policy returns false, the user will NOT be authorized.
You can find some samples when you install the SDK.
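The database check described in the answer above could look like the following in Java. This is an added example, not part of the thread and not CA SSO SDK sample code; the table `app_access`, its columns, and the class and method names are hypothetical, and the call from the SDK's active policy entry point is not shown.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.Duration;
import java.time.Instant;

public class DormantAccessCheck {
    // Threshold from the question: no access for 180 days means deny.
    static final Duration MAX_IDLE = Duration.ofDays(180);

    // Pure decision. Assumption: a user with no recorded access is denied,
    // and an idle time of exactly 180 days is still allowed.
    static boolean decide(Instant lastAccess, Instant now) {
        if (lastAccess == null) return false;            // no record: fail closed
        return Duration.between(lastAccess, now).compareTo(MAX_IDLE) <= 0;
    }

    // Looks up the last access time for one user.
    // Table and column names are hypothetical, not from the thread.
    static boolean isAuthorized(Connection db, String userId, Instant now) {
        String sql = "SELECT last_access FROM app_access WHERE user_id = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, userId);                     // bound parameter, never concatenated
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false;            // unknown user: fail closed
                Timestamp ts = rs.getTimestamp(1);
                return decide(ts == null ? null : ts.toInstant(), now);
            }
        } catch (SQLException e) {
            return false;                                // database error: fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed sample timestamps; no database is needed for this part.
        Instant now = Instant.parse("2024-07-01T00:00:00Z");
        System.out.println(decide(Instant.parse("2024-03-01T00:00:00Z"), now));
        System.out.println(decide(Instant.parse("2023-12-01T00:00:00Z"), now));
        System.out.println(decide(null, now));
    }
}
```

Returning false on a missing row or a database error means an outage of the SQL store blocks access to this one application rather than silently granting it.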
So that means 2 authorization policies can run simultaneously? One policy needs to determine the access based upon AD attributes and the second one the status in the SQL database?