Hello Kavya
I would agree with the customer's view which associate bulk task as automation - it was suggested as achieving the same result with OOTB functionality.
The process you are after does not exist as a pre configured task / logic and would therefore have to be customized. A task would need to be scheduled on a monthly basis where a custom code will display all the users which are managed by the logged in Admin (ie scope has to be User's admin Attribute == logged in Admin) - customer would then need to select any user which is no longer relevant and therefore should be deleted.
With this requirement is specific to your site, it would be down to the responsible team onsite to establish and configure the exact flow which would work specifically for you. If technical assistance is required with the specific customization, you might choose to engage one of our Professional Services partners as detailed
https://knowledge.broadcom.com/external/article?articleId=140488Regards
Rinat
Original Message:
Sent: Dec 15, 2022 10:53 PM
From: Kavya MTIN
Subject: Review Users via Certification Campaign and disable unwanted user
Hello Broadcom Team,
Thanks! But according to the customer's finding, Using bulk task to disable or delete user is automation not review which is already configured(using termination date).
But currently they want manager to review the users.
Is there is any workaround that Customer can perform to achieve our goal?
Thanks & Regards
Kavya
Original Message:
Sent: Dec 09, 2022 03:24 AM
From: Rinat Matityahu
Subject: Review Users via Certification Campaign and disable unwanted user
Hi Kavya
Identity Governance uses certification to enable designated reviewers to verify that the relationships or links between users, roles, and resources are up-to-date and correct. The complete list of certification types are available in IG
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-governance/14-4/administrating/certification.html#concept.dita_b5d174e6d8667eeefa69b6742a734002c5097a0e_CertificationTypes
Keeping the above in mind, the certification relies on the list of the data (ie existing users) to be a given fact - ie certification of the user existence is not part of the certification process.
The expected way for users to be deleted is via a bulk task associated with a termination date attribute value, which would remove / disable the user at the correct date.
Alternatively, you might want to create a custom logic - ie scan users on daily basis, for example, those without any provisioning roles associated and then consider their relevancy. However, this is likely to cause quite a redundant load, assuming vast majority of users are there to stay.
Thank you
Rinat
Original Message:
Sent: Dec 06, 2022 09:03 PM
From: Kavya MTIN
Subject: Review Users via Certification Campaign and disable unwanted user
Hello Broadcom Team,
From the clients security perspective, Customer want to run certification campaign on monthly basis to review users that are needed or not.
And they want to disable those users which are not need via certification campaign.
In other words, customer want to run certification campaign for users available in Identity Manager to check if they are needed or not.
If they are not needed, manager can perform an action to disable those users in IM and endpoint.
Please advise us if the scenario can be possible or not.
Thanks & Regards
Kavya