Hello,
I am configuring the leaver flow. I configured the UNS and AD account definition to be retained when the user is inactive, and not to retain roles on manage level. For AD everything works OK. ADSAccountInADSGroup gets the flag XIsInEffect set to false and the group membership is removed in AD. I was expecting the same behavior for UNS, but that is not the case. I implemented a custom process for the remove event for UNSAccountBInUNSGroupB and updated the logic to take the flag XIsInEffect into account. When I enter a leaving date on a Person and start the process 'Lock user accounts from dismissed employees.', all is OK for AD (as explained), and I do see that the custom removal process is triggered and the AdHocProjection step is executed. But in the end the role membership is not removed in the target system.
The provisioning for the UNS target system is correctly configured because role assignment and removal from the IT Shop correctly yields role membership assignment and removal.
I understand that it requires some specific logic because when a role (or group) membership is not in effect it actually still exists and adhoc projection would indeed decide that nothing needs to be done.
Thank you in advance for your advice.
Regards.
Mrs. Wilke Jansoone