Hello experts,
Can someone tell me if we can keep group membership of a group assigned by a business role after termination? We have the AD account deferred for 90 days after termination.
Thank you,
Lu
Hello experts,
Can someone tell me if we can keep group membership of a group assigned by a business role after termination? We have the AD account deferred for 90 days after termination.
Thank you,
Lu
Hi lrigs ,
You need to set the option Retain account definition if permanently disabled on your account definition and Retain groups if permanently disabled on the manage level master data of Full managed.
Thanks,
Pavithra
Hi pavithra ,
Thanks for the advice. I wanted to avoid doing this for all groups. I just want to maintain 1 membership. I see that when a person is removed the following process is generated...
Is there a way to customize this to ignore the name of a group? I think this would get me what I need. I just need to set a condition when delete member on a specific group to not run. We have the adding of the group member as a Business role but want to just keep this on membership and ignore the removal.
There is a SQLStmt if we can somehow set that with a condition or on the process Generating condition.
Thank you,
Lu
What version are you using? Starting with version 9 you can override the inheritance settings from the manage level for a group.
See section Overriding inheritance settings for individual groups in the docs https://support.oneidentity.com/technical-documents/identity-manager/9.2/target-system-base-module-administration-guide/7#TOPIC-2087928
Markus, I am using 9.0 LTS. I will check this out and let you know if this fits my needs. I appreciate your time and help.
Lu