Identity temporary forced activation (since 5.4.0)

Business problem

On some systems, a user can be managed only while active. To allow a user's settings to be changed before the user actually starts, a mechanism has been introduced that makes it possible to set an EAV on the identity indicating forced activation, to configure the length of the forced activation globally, and to run an LRT that removes that EAV from identities whose forced activation has already expired.

Set up

There are 4 configuration items to be set:

| Name | Default value | Description |
|------|---------------|-------------|
| idm.sec.extras.forced.activation.eav.isForcedActive | isForcedActive | The EAV code in the identity main form: a boolean flag that the identity is forced active (the EAV code can be changed, but then this configuration item must also be explicitly defined). This EAV value needs to be used in the transformation scripts for the identity status to the systems where forced activation should be taken into account. |
| idm.sec.extras.forced.activation.eav.forcedActiveFrom | forcedActiveFrom | The EAV code in the identity main form: a read-only date since when forced activation is enabled (the EAV code can be changed, but then this configuration item must also be explicitly defined). |
| idm.sec.extras.forced.activation.enabled | false | Whether the forced activation feature is enabled; needs to be explicitly set. |
| idm.sec.extras.forced.activation.max.duration | 0 | How many days the forced activation should be valid for (0 = an identity activated today will be deactivated tomorrow, that is, in the following night run). |

Two EAVs must be created in the identity main form, with codes matching the two EAV configuration items above.

Finally, a scheduled task for the LRT ResetExpiredIdentityForcedActivationTaskExecutor has to be created to run every night. It removes forced activation from identities whose forced activation has already expired (their activation date plus the configured duration is less than today).
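
The expiry rule above can also be used to audit exported identity data for forced activations that outlived their window, for example when the nightly task is not scheduled. The following is an added example, not code from the module: the Identity class, the status names and the sample rows are constructed, and reporting a flag without a start date for review is an assumption.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Iterable, Optional


@dataclass
class Identity:
    """Constructed stand-in for an exported identity row, not a CzechIdM class."""
    username: str
    is_forced_active: bool               # value of the isForcedActive EAV
    forced_active_from: Optional[date]   # value of the forcedActiveFrom EAV


def is_expired(forced_active_from: date, max_duration_days: int, today: date) -> bool:
    """Rule from the page: activation date plus configured duration is less than today."""
    if max_duration_days < 0:
        raise ValueError("max.duration must be 0 or more days")
    return forced_active_from + timedelta(days=max_duration_days) < today


def audit(identities: Iterable[Identity], max_duration_days: int, today: date) -> Dict[str, str]:
    """Classify every identity that still carries the forced-activation flag."""
    findings = {}
    for ident in identities:
        if not ident.is_forced_active:
            continue  # not forced active, nothing to check
        if ident.forced_active_from is None:
            # Assumption: without a start date the expiry rule cannot be evaluated,
            # so the flag is reported for manual review.
            findings[ident.username] = "no_start_date"
        elif is_expired(ident.forced_active_from, max_duration_days, today):
            # Still flagged after expiry: the nightly task has not cleaned it up.
            findings[ident.username] = "expired"
        else:
            findings[ident.username] = "within_window"
    return findings


# Constructed sample data.
SAMPLE = [
    Identity("alice", True, date(2024, 3, 10)),
    Identity("bob", True, date(2024, 3, 9)),
    Identity("carol", True, None),
    Identity("dave", False, None),
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE, 0, date(2024, 3, 10)).items():
        print(name, status)
```

With the default duration of 0, an identity activated on the audit date is still within its window, and the same identity is reported as expired one day later.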