Using Identity Processing Thresholds for Error Prevention

Identity processing thresholds let you stop lifecycle events (such as joiner, mover, and leaver) before they are fully processed, to protect against dangerous or accidentally-triggered workflows from completing. For example, if someone makes a change in the Human Resources database that accidentally changes the status of an entire department's employees to Terminated, the identity processing threshold can stop IdentityIQ from running a Leaver workflow for hundreds of employees.

Thresholds can be set either as a fixed number, or as a percentage of identities. When a threshold is set, the Identity Refresh task will terminate when the threshold is met, without updating any identities.

Identity processing thresholds can be configured in Rapid Setup (as global setting), and in Lifecycle Events for specific workflows.

In the Identity Refresh task, the Process events option must be enabled in order for identity processing threshold option to take effect. If you want to process events for other purposes but disable the identity processing threshold feature, you can check the Disable identity processing threshold option.

If the processing threshold is triggered, the task result will include a notification that the task has failed, and a localized message provides feedback.

If you are using partitioning in the Identity Refresh task, the threshold works as a cumulative value of all events triggered across all of the partitions.

For more information, see Identity Refresh, Define a Certification Event, and How To Create Lifecycle Events.