Task Types

The task types are:

• Access History – gathers objects and places them in a queue to create history events related to identities. See Access History Tasks.

• Account Aggregation – scan all applications, discover users and entitlements on those applications, and then correlate those users and entitlements with roles. See Account Aggregation.

• Account Group Aggregation – scans applications and aggregates account groups and application object types. These are then used for group certification (either permissions or membership) or for displaying group information in identity certifications. See Account Group Aggregation.

• Activity Aggregation – scan all applications, discover activity on the applications, and then correlate that activity with identity cubes. This enables you to track and monitor all activity for possible policy violations. See Activity Aggregation.

• Alert Aggregation – scan applications and aggregates alerts from a set of Alert Collectors. These are then used to generate alert actions. See Alert Aggregation

• Alert Processor – process the aggregated alerts against the alert definitions and launch the appropriate action. See Alert Processor

• Application Builder – create multiple IdentityIQ applications or update the attribute map of an existing IdentityIQ application. See Application Builder

• ArcSight Data Export – export data for HP ArcSight Database Connector to an external database table. See ArcSight Data Export

• Data Export – generate a denormalized data report to export to an external database table. See Data Export

• Effective Access Indexing – generate an index of any indirect access that was granted through another object. For example a nested group, an unstructured target, or another role. See Effective Access Indexing

• Encrypted Data Synchronization Task – re-encrypt data with user-generated encryption key. See Encrypted Data Synchronization Task

• Entitlement Role Generator – scans the entitlements in the system and automatically generates a simple role and appropriates a profile for each one that it finds. See Entitlement Role Generator

• File Access Manager Classification – retrieve classification data from File Access Manager and assigns it to entitlements according to correlation logic defined in the applications that aggregate relevant account and group data or in the File Access Manager global configuration settings. See File Access Manager Classification.

• ITIM Application Creator – inspect the IBM Tivoli Identity Manager (ITIM) and retrieve information about the ITIM services (applications). This task auto-generates an application for each service defined in ITIM. See ITIM Application Creator

• Identity IQ Cloud Gateway Synchronization – synchronize the specified objects to the Cloud Gateway. See IdentityIQ Cloud Gateway Synchronization

• Identity Refresh – scan all applications, including the IdentityIQ application, to ensure that all identity information is up-to-date and accurate. Refresh identity scans are also used to detect and report on policy violations and trigger event certifications. See Identity Refresh.

• Identity Request Maintenance – scan for completed Lifecycle Manager access requests. See Identity Request Maintenance.

• Missing Managed Entitlements Scan – scan the selected application to create entitlement objects for items added after the application was last aggregated. See Missing Managed Entitlements Scan

• OIM Application Creator – inspect the OIM application and retrieve information about all connected applications. See OIM Application Creator.

• Policy Scan – runs policies against identity cubes and update identity score cards with any policy violations discovered. See Policy Scan.

• Propagate Role Changes – refreshes identities who have an assigned role whose associated entitlements have changed. See Propagate Role Changes.

• Refresh Logical Accounts – is used to refresh composite accounts for all identities that could, potentially, have a composite account on the composite applications selected. See Refresh Logical Accounts.

• Role Index Refresh – updates all role information and creates the indexes needed to perform role searches. You must run this task before performing any role searching. See Role Index Refresh

• Run Rule – runs the specified rule with name / value pairs. See Run Rule

• Role-Entitlement Associations – deletes existing role-entitlement associations then analyzes each role in the system and creates associations between the role and any granted entitlements. See Role-Entitlement Associations.

• Sequential Task Launcher – launches the specified tasks in the order defined. This enables you to launch tasks that must be run sequentially in the proper order without having to schedule each separately based on estimated run times. See Sequential Task Launcher

• System Maintenance – tasks designed to run in the background.

• Target Aggregation – scan selected applications for activity targets. See Target Aggregation.

See Tasks Page for information on working with these task types.

All task types contain the following standard properties:

Field	Description
Name	The name of the task as defined when the task was created
Description	Brief description of the task.
Previous Result Action	Previous result actions determine how subsequent runs of this task react to existing task results. Delete – overwrite the previous task results with the new information. Rename Old – append a numeral to the name of the old task result. Rename New – append a numeral to the name of the new task result. Cancel – cancel the new run of the task if a task result with the same name exists.
Allow Concurrency	Enable two identical tasks to run at the same time. If enabled, allow concurrency appends a numeric value to the name of the task that started second. If disabled, the second task is cancelled and an exception sent to the requestor.
Require Signoff	Require sign off on the results of this task. Tasks that require sign off generate work items and email notifications that are assigned to the designated signers. Sign off decisions are retained with the task results for tracking purposes.
Host	A comma separated list of host names on which to run this task. If multiple hosts are specified, the task manager selects the first active host If there are no active hosts, or if an incorrect host name is given, the task terminates, and an error message is left in the result.
Number of Runs	The number of times this task has been run.
Average Run Time	The average time it takes to run this task, based on prior runs.
Reset Run Statistics	Reset the statistic if you reconfigure the task and expect the run times to change. When you reconfigure complex tasks like aggregation or refresh, you should consider resetting run statistics. For example, enabling provisioning in the refresh task can profoundly influence run time so statistics should not be diluted by the previous average before provisioning was enabled.
Email Task Alerts
Email Notification	Select a frequency for email notification to be sent upon task completion. Disable – no email notification sent on task completion Warning – send an email notification if the task results in a warning Failure – send an email notification if the task fails Always – always send an email notification upon task completion
Email Notification Template	Select a notification email template from the dropdown list.
Email Recipients	The list of users to receive the task completion notification. Use the dropdown arrow to display all identities, or type the first few letters of a name. select names from the list.