I am requesting an enhancement request for the added functionality of "trigger based certification campaigns" to the CA Identity Suite.
The workflow would be an event occurs within an enterprise that would require a recertification on a single entity. This workflow should be triggered by Policy Xpress based on the defined conditions.
Example Use Cases:
- User Termination. A user termination is initiated within the CA Identity Suite. This should trigger a certification campaign on that user and their associated entitlements. Any residual entitlements can subsequently be rejected and removed by the system as part of a user based certification campaign. This ensures all access tied to that user is removed.
- User Transfer. A user transitions to a new position within the company. Changes to a user's attribute or set of attributes should trigger a user based certification campaign to validate old access is removed and new access is appropriate to the new position.
- Role Changes. When a Provisioning Role or Account Template is modified, a role based certification campaign is triggered. All associated entitlements / objects are recertified by the application owner and / or role owner to validate the change was made in accordance to the role model. A secondary approval could be included for the RBAC / INFOSEC / Internal Audit team to validate the changes.