I have a request from my business users to be notified more frequently when orphans are identified in their application, ideally upon identification. These are the options that I am aware of, but hoping someone has found a better solution:
- (Our current manual process) Biweekly, send an email to all business owners informing them that they have 1 or more orphan accounts that have not been remediated.
  Cons: Business states this is not frequent enough.
- Increase the frequency of option 1.
  Cons: More manual process. If we increase the frequency too much we risk over-notifying, duplicate notifying because we haven't given them enough time to remediate, or promoting the bad behavior of users creating Outlook rules to send to junk.
- Create an Admin Error rule to notify the business user when the collector is unable to find a user mapping.
  Cons: Configuration is to a named individual, versus a role such as business owner. Must be set up for each business source. The message is a system-generated error: "EC[360] Context[RunID=123456, ADC(Name=MyADC, ID=1)] Message[Account Data Validation: User Account Mapping data is invalid. Specified users couldn't be resolved.]". Cannot limit the scope of messages to only send orphan-related messages.
- Instruct business owners to log in more frequently to check for orphans.
  Cons: Business doesn't want to log in unless there is some action to be taken.
While some of these solutions sound like they would work just fine, I still haven't found a process that satisfies the masses, and have a bit of a Goldilocks paradox on my hands. Hence, reaching out to see if anyone has found a solution that's "just right".
Thanks,
Bill
v6.9.1 P17 in transition to 7.0.1 P02
Yes, that is my understanding. By default it is not exposed in the GUI. I guess it was never really supposed to be used by customers and was more of a prototyping feature for RSA developers... or something like that. Don't quote me on that though.