Hi All,

We have IDM 4.5.5 and we have around 30K+ roles in the Vault which gives access to AD groups/SAP roles, etc.

On an average, a user in IDM will have minimum 300+ roles assigned. Most of the role assignment have a start and end dates (few of them not having it).

can we use the work order driver to send out role expiry notification to the user?

Ex: If a user has 10 roles and with different end dates, we need to send out ONE Notification Mail to user with all roles expiring within 7 days.

Please let me know if this can be done using work order driver. Also let me know your comments how this can be implemented.

For your info: Currently we are using loopback driver that runs everyday and checks each user for the role expiry date and then it sends out an email containing all roles that are expiring in next 7 days. it works fine. But we thought of using the work order driver for this functionality.

Thanks in advance
-dk