We have a usecase where we deprovision admin access based on status of accounts via actionable analytics. And there are some error points in this process where its removing access for all when its failing.
Is there a way to set a threshold in the analytics, like if threshold is 100, and deprovision task to be created is 120, it does not do anything ?
We do know of options of putting limit in queries, but here we won't be able to know how many were ought to be created.
And limiting from the deprovision task provision threshold would be also an option, but it would be more of reactive , and it wont send any email notification too.
You can add Provisioning Threshold under Security System.
The provisioning threshold is a value set on the application level to restrict processing tasks if the number of tasks exceeds the configured provisioning threshold. The default value set is 5000 for any type of task in Provisioning Threshold.
To add the provisioning threshold value, perform the following steps:
For example, when Provisioning Job (WSRetry Job) executes and if the number of remove access tasks is greater than the provisioning threshold set at the application level, then job skips to process the remove access tasks for this specific application.
Yes, I am aware of this. But this would be more of reactive measure, and there is no provision to Email also if trigger is crossed.
I was looking more from Analytics level which would not automatically create deprovision task if some threshold is breached.