Sun Identity Manager Deployment Reference

Default Workflow Activities

By category, these default activities are available.

Table 1–4 Default Workflow Activities

| Activity | Description |
|---|---|
| Add Deferred Task | Adds deferred task scanner information to an object. |
| Audit Object | Creates audit log records. |
| Authenticate User Credentials | |
| Authorize Object | Tests authorization for a subject on an object in the repository. |
| Checkin Object | Commits changes to an object. |
| Checkin View | Commits an updated view. |
| Checkout Object | Locks and retrieves a repository object for editing. |
| Checkout View | Gets an updateable view. |
| Create Resource Object | Creates a resource object. |
| Create View | Initializes a new view. |
| Delete Resource Object | Deletes a resource object. |
| Deprovision Primitive | Deprovisions resource accounts. |
| Disable Primitive | Disables resource accounts. |
| Disable User | Disables an Identity Manager user account, resource accounts, or both. |
| Email Notification | Sends email notification of an action. |
| Enable Primitive | Enables resource accounts. |
| Enable User | Enables an Identity Manager user account, resource accounts, or both. |
| Get Object | Retrieves a repository object. |
| Get Property | Retrieves a property. |
| Get View | Gets a read-only view. |
| List Resource Objects | |
| Query Object Names | Searches for objects with matching attributes. |
| Query Objects | Searches for objects with matching attributes. |
| Query Reference | |
| Refresh View | Refreshes a view that was previously checked out. |
| Remove Deferred Task | Removes deferred task scanner information from an object. |
| Remove Property | Removes an extended property on an object. |
| Reprovision Primitive | Reprovisions resource accounts. |
| Run Resource Actions | |
| Set Property | Adds an extended property to an object. |
| Unlock Object | Unlocks an object that was previously checked out. |
| Unlock View | Unlocks a view that was previously checked out. |
| Update Resource Object | Modifies an object managed by a resource. |

Table 1–5 Default Approval Workflows

| Activity | Description |
|---|---|
| Approval | Performs the fundamental single approver process. |
| Approval Evaluator | Recursively evaluates an Approval Definition Object to implement a complex approval process. Allows the form and template to be passed in, but those can be overridden if specified in the set. |
| Lighthouse Approval | Performs the default Identity Manager approval process for assigned organizations, roles, and resources. Uses the Approval Evaluator process. |
| Multi Approval | Distributes approvals among multiple approvers. Uses the Approval process for each approver. |
| Notification Evaluator | Recursively evaluates an Approval Definition Object to implement a complex notification process. The structure is expected to be the same as that defined for Approval Evaluator. In the standard workflow, approval definitions and notification definitions are maintained in the same structure. This is not required for a customized workflow. |
| Provisioning Notification | Standard process for notifying administrators after a provisioning operation has completed. |

Table 1–6 Default User Workflows

| Activity | Description |
|---|---|
| DeProvision | Performs the standard steps to deprovision an existing Identity Manager user, with granular control over resource account deletion, Identity Manager user deletion, unlinking, and de-assignment. Individual resource operations are re-tried until successful. |
| Provision | Performs the standard steps to create a new Identity Manager user and provision resource accounts. Individual resource operations are re-tried until successful. |
| Set Password | Changes the password of the Identity Manager account and resource accounts. |
| Update User Object | Checks out a WSUser object, applies a set of changes, and checks in the object. |
| Update User View | Checks out the user view, applies a set of supplied updates, and checks in the user view. |
| Update View | Applies a collection of changes to any view. |

Table 1–7 Default End User Workflows

| Activity | Description |
|---|---|
| End User Update Groups | Updates the group assignments on resources (that support groups) assigned to one of a manager’s reports. |
| End User Update My Groups | Updates the group assignments on resources (that support groups) assigned to the logged-in account. |
| End User Update Roles | Updates the role assignments for one of a manager’s reports. |
| End User Update My Roles | Updates the role assignments assigned to the logged-in account. |
| End User Update Resources | Updates the resource assignments and associated attributes for one of a manager’s reports. |
| End User Update My Resources | Updates the resource assignments and associated attributes for the logged-in account. |

Table 1–8 Default Compliance Workflows

| Activity | Description |
|---|---|
| Access Review Remediation | Remediation for a single remediator working with a single UserEntitlement. |
| Attestation | Creates a work item for each Attestor, and marks the User Entitlement record as APPROVED when all work items complete with approved status, or REJECTED as soon as the first work item rejects. When one work item rejects, all other work items are canceled. |
| Launch Access Scan | Either launches or schedules an Access Scan Task, depending upon the setting provided by the Access Review task. It is directly called from the Access Review Workflow/Task. |
| Launch Entitlement Rescan | Launches a rescan of an Access Scan for a single user. |
| Launch Violation Rescan | Launches a rescan of an Audit Policy Scan for a single user. |
| Multi Remediation | Remediation for a single Compliance Violation and multiple remediators. |
| Remediation | Remediation for a single Remediator working with a single Compliance Violation. |
| Scan Notification | Notifies Attestors at the end of each Access Scan that they have pending Attestation work items. Sends one notification to each Attestor, regardless of the number of pending work items. Also notifies the scan owner (if any) that the scan has started and completed. This workflow takes the following input: scanName (name of access scan); scanOwner (name of access scan owner); recipients (list of Identity Manager user names which should be notified); notificationType (valid types include begin, end, attest); userCount (number of users to be scanned, only on begin). |
| Standard Attestation | Creates an Attestation Subprocess for each attestor specified. |
| Test Auto Attestation | Facilitates testing new Review Determination rules without creating Attestation work items. This workflow does not create any work items, and simply terminates shortly after it starts. It leaves all User Entitlement objects in the same state that they were created in by the access scan. Use the Terminate and Delete options to clean up the results from access scans run with this workflow. |
| Update Compliance Violation | Mitigates a Compliance Violation. |

Scan Task Variables

The Audit Policy Scan Task and Access Scan Task task definitions both specify the forms to be used when initiating the task. These forms include fields that allow for most, but not all, of the scan task variables to be controlled.

Table 1–9 Scan Task Variables

| Variable Name | Default Value | Purpose |
|---|---|---|
| maxThreads | | Identifies the number of concurrent users to work on at one time for a single scanner. Increase this value to potentially increase throughput when scanning users with accounts on very slow resources. |
| userLock | 5000 | Indicates the time (in ms) spent trying to obtain a lock on the user to be scanned. If several concurrent scans are scanning the same user, and the user has resources that are slow, increasing this value can result in fewer lock errors, but a slower overall scan. |
| scanDelay | | Indicates the time (in ms) to delay between issuing new scan threads. Can be set to a positive number to force the Scanner to be less CPU-hungry. |