Identity Policies › Preventative Identity Policies › Workflow and Preventative Identity Policies › Create a Workflow Approval Policy for Preventative Identity Policies

Create a Workflow Approval Policy for Preventative Identity Policies

You can configure a task level policy-based workflow process for an admin task. This workflow process includes one or more approval policies that can associate a preventative identity policy with a workflow. CA Identity Manager executes the workflow when a violation of the associated preventative identity policy occurs.

Note: For more information about task level policy-based workflow processes, see Policy-Based Workflow.

To create a workflow approval policy for preventative identity policies

1. Modify the admin tasks that allow changes that might trigger a violation of a preventative identity policy.

   For example, if an identity policy violation occurs because a user has the User Manager and User Approver roles, modify the admin tasks that allow administrators to assign roles, such as Create User, Modify User, and Modify Admin Role Members/Administrators.

2. Click the edit icon next to the Workflow Process field on the Profile tab for the task to add a workflow process.

   CA Identity Manager displays the Task Level Workflow Configuration screen.

3. Select Policy Based, then click Add.
4. In the Approval Rule section, select the Identity Policy Violation object.
5. In the Identity Policy field select a filter that determines which identity policies trigger the workflow associated with the approval policy.

   In the filter, include the identity policy name, not the identity policy set name.

6. Configure the Rule Evaluation, Policy Order, and Policy Description fields as needed.
7. Select a workflow process, then click OK.

   When you select a workflow process, CA Identity Manager displays additional fields.

8. Specify approval tasks and approvers as needed.

   CA Identity Manager associates the workflow process with the preventative identity policy.