Hello everyone,
I would like to hear your thoughts on how I can meet the following business requirement in RSA Via 6.9.1 P10 -
Application accounts which have not been used in the last 90 days+ should be disabled.
To help meet this requirement, I have tried following approaches -
1) Create a custom task to find accounts with last login < (sysdate) - 90, and then pass that information on to a sub-process which in turn calls a fulfillment workflow to send out disablement notifications. This approach didn't work because in 6.9.1 functionality to call other workflows from a custom task doesn't work. I was told to engage engineering team to look into this.
2) Tried creating a account access rule, but this type of rule doesn't allow me to specify account filtering conditions.
3) Created an account review to capture inactive accounts and then perform a bulk action (as the review owner) to revoke all items. Review ended up creating change requests to disable accounts.
Approach #3 is the closest I got to implementing this use case, but I think this approach has a lot of manual overhead and requires a review to be created just to be able to disable accounts.
I am out of ideas at this time and would love to hear community's thought on this.
Thanks,
Prateek
You may try to create CR using any browser based REST client first. Also attached is 'Workflow' guide by RSA which has detailed steps documented on using web service nodes.
As these accounts will be disabled only at certain conditions which in fact will be very less on daily basis (apart from initial one time run ) I don't think performance will be an issue.