Fulfillment time from review start to action


Using IGA 3.6.1.

I have a situation where a review is started and can run for 7 days.

During that period what was true of the assigned permissions listed in the review might change in the connected system (AD).

In this particular case a group membership can be removed in AD by an administrator or some other way.

The IGA reviewer sees the group in the review and decides that the user shouldn't have that group anymore and selects remove.

After the review is completed it will be fulfilled.

In this case someone has removed the group membership in AD that is marked for removal by IGA.

IGA tries to remove the group membership which fails since the value is already removed.

IGA then proceeds to retry this for a number of days and sends status emails every time about the failure.

Is it possible to tell IGA to use the Permissive Modify Control when performing the LDAP operation against AD so that it doesn't fail (https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ldap/ldap-server-permissive-modify-oid) ?

If not, can we control for how long it will retry and who gets the email?