Perform Maintenance

Perform Maintenance is a predefined system maintenance task that performs a variety of essential operational activities. It prunes identity snapshots, task results, and certifications, escalates orphaned work items, and performs other background maintenance tasks.

The predefined Perform Maintenance task is accessed from the Tasks tab in the Setup > Tasks UI. It is grouped with other System tasks. To create a new maintenance task, as an alternative to using IdentityIQ's preconfigured version, choose New Task > System Maintenance.

Object Pruning Options in the Perform Maintenance Task

The Perform Maintenance task's pruning options control which objects are pruned, and when. A good practice is to configure dedicated Perform Maintenance tasks that run on independent and separate cycles, to prune and archive objects. For example, you may choose to configure specific Perform Maintenance tasks for each type of object.

Global settings are used in conjunction with Perform Maintenance, to control what is pruned and when. Settings under the gear menu > Global Settings > IdentityIQ Configuration > Miscellaneous tab control the timing for object "expirations." The expiration timeframes for objects determine when these objects are eligible to be pruned by the Perform Maintenance task. For more information, see Miscellaneous.

IMPORTANT: Once objects are pruned, they are unrecoverable unless a backup has been made.

Perform Maintenance Task Options

Option

Description

Prune identity snapshots

Identity snapshots are copies of Identity data that can be maintained for historical purposes. These snapshots are created during certification generation, and by using the option "Maintain identity histories" in the Identity Refresh task.

Snapshots are deleted by this task according to the expiration days set in the "Days before snapshot deletion" option in the gear menu > Global Settings > IdentityIQ Configuration > Miscellaneous tab.

Prune task results

Deletes the results of any tasks that are complete and do not have pending sign-offs, per the expiration days set in the "Days before task result deletion" option in the gear menu > Global Settings > IdentityIQ Configuration > Miscellaneous tab.

Prune requests

Background requests are created internally by IdentityIQ, to handle future execution, like mitigation expirations, email requests, and sunset/sunrise.

This option deletes background requests whose creation date has passed the requestMaxAge set in the System Configuration object, and uncompleted requests whose expiration has passed.

The timeframe for pruning background requests can only be set in the System Configuration object, using the requestMaxAge parameter; it cannot be set in the UI.

Prune provisioning transactions

Deletes any provisioning transactions older than the age set in the "Days before provisioning transaction event deletion" option of the Provisioning Transaction Log Settings in the gear menu > Global Settings > IdentityIQ Configuration > Miscellaneous tab.

Archive and prune certifications

Archives and/or deletes completed certifications based on the expiration days set in the gear menu > Global Settings > IdentityIQ Configuration > Miscellaneous tab.

This option first archives completed certifications; when the archive expiration date is reached, the option deletes the archived certification.

Automatically close certifications

Finds and closes all certifications whose automatic closing date has already passed and that are not yet marked signed.

For more information, see Automatic Closing of Certifications.

Finish certifications

Finishing is the final step of a certification after it has been completed / signed off.

This option checks certifications for completion status and any other final validations. If the certification is ready to be finished, this option also generates any needed remediation work items.

Number of finisher threads

Set a number of concurrent threads to use during the task, to improve performance. This option is not supported if you are using partitioning for this task.

The maximum allowable number of threads is five times the number of cores.

Transition certifications phases

This option finds any certifications that have passed their phase transition date, and advances them to the next phase (for example, from an active to a remediation phase).

Scan for completed revocations

Finds any certifications that contain items that have been revoked, but not yet marked complete. This option finds all entities requiring remediation, and marks whether entitlements requiring remediation have been remediated. By default, revocations for a certification are only scanned once per day.

Forward inactive user work items

Escalate any inactive work items to the designated user or workgroup.

Forwarding is determined first by rules configured in the Work Items Rules under the gear menu > Global Settings > IdentityIQ Configuration > Work Items tab. If no rule is specified, the item is forwarded to the identity's manager. If the identity does not have a manager, the item is forwarded to the Administrator.

Denormalize scopes

Updates any object whose assigned scope has changed in the scope hierarchy.

Prune batch requests

Deletes any batch requests older than 30 days.

Prune syslog events

A syslog event is a capture of an error in the system, including the stack trace of the error.

This option deletes any syslog events older than the age set in the Syslog Settings section of the gear menu > Global Settings > IdentityIQ Configuration > Miscellaneous tab.

Process background workflow events

Processes workflow events that have moved to the background.

Number of background workflow threads

The number of threads that should be created to handle background workflow processes.

Workflow thread timeout (seconds)

The number of seconds to wait before aborting the background thread. This variable can be overridden by specifying a variable within the workflow, but by default it is left blank and the thread never times out.

Prune Attachments

Delete attachments older than 30 days that are not associated with an access request.

For auditing purposes, there is an audit event called Prune Pending Attachments which can be triggered during the cleanup in the System Maintenance Task. To enable auditing for attachment pruning, enable the Prune Pending Attachments option in IdentityIQ's Audit Configuration (gear menu > Global Settings > Audit Configuration).

Prune Pending Attachments

Delete files attached to abandoned access requests that are older than 12 hours. The attachment is considered "pending" and eligible to be deleted when the attachment file has been uploaded but the request has not been submitted.

This timeframe can be overridden by adding an entry to the System Configuration object called pendingAttachmentPruneAge with a value that represents a number of hours.

Prune Native Identity Change Events

Deletes native identity change events that are older than the age specified in the System Configuration.

Prune Inoperable Intercepted Deletes

Deletes records that are unable to be processed.

Prune Post Commit Notification Objects

Deletes PostCommitNotificationObjects older than 30 days.

For details about the PostCommitNotificationObject itself, see the IdentityIQ Object Model and Usage technical white paper on Compass.

Enable Partitioning

Enable partitioning of this task across multiple hosts.

For more information, see Partitioning.
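
Two of the pruning ages described above, requestMaxAge and pendingAttachmentPruneAge, live in the System Configuration object rather than in the Miscellaneous tab, so they are easy to miss when reviewing retention before a prune runs. The following is an added example, not part of the product or its documentation: a Python check that reads an exported SystemConfiguration XML and reports both values, applying the 12-hour default stated above when pendingAttachmentPruneAge is absent. The export layout (Configuration > Attributes > Map > entry, including the nested value form), the sample values, and the names read_entries and pruning_report are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported SystemConfiguration object (not real data).
SAMPLE_EXPORT = """
<Configuration name="SystemConfiguration">
  <Attributes>
    <Map>
      <entry key="requestMaxAge" value="30"/>
      <entry key="pendingAttachmentPruneAge"><value><Integer>48</Integer></value></entry>
    </Map>
  </Attributes>
</Configuration>
"""

# From the page: pending attachments are pruned after 12 hours unless overridden.
DEFAULTS = {"pendingAttachmentPruneAge": 12, "requestMaxAge": None}


def read_entries(xml_text):
    """Return {key: raw string} for top-level SystemConfiguration entries."""
    entries = {}
    for cfg in ET.fromstring(xml_text).iter("Configuration"):
        if cfg.get("name") == "SystemConfiguration":
            for entry in cfg.findall("Attributes/Map/entry"):
                raw = entry.get("value")
                if raw is None:  # assumed nested form: <value><Integer>n</Integer></value>
                    raw = "".join(entry.itertext()).strip()
                entries[entry.get("key")] = raw
    return entries


def pruning_report(xml_text):
    """Map each prune-age key to (value, source) so unset or odd values stand out."""
    entries = read_entries(xml_text)
    report = {}
    for key, default in DEFAULTS.items():
        raw = entries.get(key)
        if raw is None:
            report[key] = (default, "page default" if default is not None else "unset")
        elif raw.isdigit():
            report[key] = (int(raw), "SystemConfiguration")
        else:
            report[key] = (raw, "not a whole number")
    return report


if __name__ == "__main__":
    for key, (value, source) in pruning_report(SAMPLE_EXPORT).items():
        print(f"{key}: {value} ({source})")
```

Because pruned objects are unrecoverable without a backup, a report like this is most useful when compared against the required retention period before the Perform Maintenance task is scheduled.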