Hello SailPoint Community,
I am looking for guidance on implementing a mechanism in IdentityIQ to prevent or flag provisioning to a target application if a change affects an unusually large number of identities. Specifically, I would like to establish a threshold—for example, 5% of all identities—where any change exceeding this threshold is either stopped automatically or flagged for manual approval.
Does IdentityIQ have any out-of-the-box functionality or best practices for handling such scenarios? Alternatively, are there recommended approaches using rules, workflows, or policies to calculate and enforce such thresholds?
Any insights, examples, or suggestions would be greatly appreciated.
Thank you!
