After you create rules to define policy violations, you select the workflow that will be launched whenever a violation is detected during an audit scan. Identity Manager provides the default Standard Remediation workflow, which provides default remediation processing for audit policy scans. Among other actions, this default remediation workflow generates notification email to each designated Level 1 remediator (and subsequent levels of remediators, if necessary).
Unlike Identity Manager workflow processes, remediation workflows must be assigned the AuthType=AuditorAdminTask and the SUBTYPE_REMEDIATION_WORKFLOW subtype. If you are importing a workflow for use in audit scans, you must manually add this attribute. See (Optional) Import Separation of Duty Rules into Identity Manager for more information.