none
Consolidated Email Notification for Group Expiration RRS feed

  • Question

  • Hi All,

    I am stuck up in something where I need your help. We have emails getting triggered via FIM Workflow whenever a group is about to expire 7 days prior to the expiration date. So suppose a user has 7 groups that are going to expire prior to 7 days from today he would recieve 7 email notifications(1 for each group). Now the organization wants to avoid multiple emails triggered to the end user and wants to trigger only 1 email notification consisiting about the information of all the 7 groups thats gonna expire.

    Any suggestions on how this can be achieved?

    Please let me know if you have any suggestions/solution.

    Regards,


    Veena

    Monday, September 21, 2015 12:53 PM

All replies

  • FIM processes each object individually, so Email notifications are triggered in one object. I don't think there is an easy way without some serious development. (Nothing that comes to mind, even so)

    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Peter_Stapf Tuesday, September 22, 2015 7:07 AM
    Monday, September 21, 2015 8:25 PM
  • Hi,

    Nosh ist right, there is now way of doing that in FIM.

    I would suggest to handle that outside of fim.

    You can create a custom activity (own, PowerShell, other) to put information of expiration into an SQL table.

    Then having a seperate (outside) FIM task to read that table once a day for example and send mail notification to users.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Tuesday, September 22, 2015 7:07 AM
  • Thanks for your valuable suggestions Nosh and Peter.

    We have around 250,000 groups in our organization. If we create a PowerShell activity to read the data and trigger email notifications, will the activity be fast enough to read through so many groups on a daily basis and perform the required action?

    I want to understand the performance issues here.

    Regards,


    Veena

    Tuesday, September 22, 2015 9:02 AM
  • Hello,

    hard to say, that depends of the number of expirations a day/hour.

    Most work is done by FIM Service and the sets, the PS to fill the database table will be triggered only when a group expiration occurs. Never done such an amount of objects with PS.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Tuesday, September 22, 2015 9:09 AM
  • Another option is to create a PowerShell script outside of FIM that will query the FIM Service for all groups within the expiration date.  Once you have the results, group them by Owner and send the email notification to each owner with a list of their expiring groups.  You could have this run daily through a Scheduled Task. 

    To ensure the owners don't get emails every day, you could try to constrain the query to all groups with an expiration date 6 to 7 days from today.  This should capture only the groups reaching the 7 day expiration window.

    Cheers,

    Marc


    Marc Mac Donell, VP Identity and Access Solutions, Avaleris Inc.
    http://www.avaleris.com

    Tuesday, September 22, 2015 12:10 PM
  • Thanks Peter and Marc for your suggestions. Shall try this out and get back to this forum with the performance results:)

    Veena

    Thursday, September 24, 2015 7:10 AM