• State Not Answered
  • Replies 3 replies
  • Subscribers 93 subscribers
  • Views 1517 views
  • Users 0 members are here
Options
Related

Disabling a fully managed account without disabling the Person

dani.uet12
over 3 years ago

Hi everyone,

I just came across a scenario where I have a person with accounts on many custom target systems (UNSAccountB). All accounts are fully managed accounts (they inherit accountdisabled check from Person). Now there is a requirement to disable some accounts which are linked with the person as fully managed accounts. Currently, I cannot disable account from Manager tool due to Manage level of the account.

Also, target system administrator disable accounts on his side and I can see in sync editor logs that 1IDM try to disable these accounts at the time of sync but it cannot due to fully managed behavior.

Is there a way to achieve this while keeping the fully managed behavior as well?

on side note: users request entitlements for these accounts from IT shop, this also one of the reason to keep the fully managed behavior.

Best regards,

Daniel

Parents
  • 0 over 3 years ago

    Speaking generally, the ability to request items from the IT Shop is not related to the user account being fully managed.

    The question is, if all user accounts of this target system should be allowed to be disabled or just some user accounts.

    Again, speaking generally, create a custom manage level that doesn't switch the accountdisabled flag based on the state of the person. Assign this manage level to the account in question.

  • 0 over 3 years ago in reply to Markus Weiss-Ehlers

    Hi Markus,

    What I have noticed that people can request products on IT shop successfully but end entitlements are not granted to the account unless account has manage level which has "inherit groups" checked which ultimately "fully managed" account def has.

    Coming back to the questions, yes! I do want that all accounts should be allowed to disable from target system.

    Best regards,

    Daniel

Reply
  • 0 over 3 years ago in reply to Markus Weiss-Ehlers

    Hi Markus,

    What I have noticed that people can request products on IT shop successfully but end entitlements are not granted to the account unless account has manage level which has "inherit groups" checked which ultimately "fully managed" account def has.

    Coming back to the questions, yes! I do want that all accounts should be allowed to disable from target system.

    Best regards,

    Daniel

Children