Identity state

The identity life cycle is controlled by the identity's state. The state is changed automatically by the system. When an identity is created, a default contract is added to the identity.

Identity states:

  • created - identity is enabled. The state is assigned to a newly created identity.
  • no contract - identity is disabled. Identity doesn't have a contract. All contracts were deleted.
  • future contract - identity is disabled. Identity has a valid contract in the future, but not now.
  • valid - identity is enabled. Identity has a valid contract.
  • left - identity is disabled. Identity has invalid contracts only.
  • excluded (~disabled) - identity is excluded (disabled). Identity contracts are excluded (assigned roles are not removed when identity is excluded). This is usually used when the user is on parental leave.
  • disabled manually - identity is disabled manually, e.g. by an administrator or synchronization. A manually disabled identity can be enabled again only manually (assigned roles are not removed when an identity is disabled manually).

When an identity becomes valid (i.e., at least one of their contracts becomes valid) and the identity has an account on at least one target system, a new password is generated and changed on all of the identity's accounts ⇒ the identity will have the same password in all accounts. A notification (see the acc:newPasswordAllSystems template) is sent to the identity about which of their accounts were changed.

(since 10.8.0) The identity state attribute can be provisioned or synchronized to/from a target system. Both types of operation support a default transformation to/from a string representation on the target system. Transformation to the corresponding identity state during synchronization is case insensitive. When provisioning is performed, identity states are represented by the following string values, and synchronization is able to identify them:

  • created - CREATED
  • no contract - NO_CONTRACT
  • future contract - FUTURE_CONTRACT
  • valid - VALID
  • left - LEFT
  • excluded (~disabled) - DISABLED
  • disabled manually - DISABLED_MANUALLY
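
As an added example (not part of the original page or of the product's own code), the following Python script uses the string values above to audit a target-system export: it parses the state case-insensitively, as synchronization does, and flags accounts that are still enabled although the identity state is a disabled one. The CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io

# String value on the target system -> (identity state, identity enabled?),
# taken from the two lists on this page.
STATES = {
    "CREATED": ("created", True),
    "NO_CONTRACT": ("no contract", False),
    "FUTURE_CONTRACT": ("future contract", False),
    "VALID": ("valid", True),
    "LEFT": ("left", False),
    "DISABLED": ("excluded", False),
    "DISABLED_MANUALLY": ("disabled manually", False),
}


def parse_state(raw):
    """Case-insensitive lookup of a state string; None if the value is unknown."""
    return STATES.get((raw or "").upper())


def audit(export_text):
    """Return (login, finding) pairs for rows that need review.

    Assumed (hypothetical) CSV columns: login, idm_state, account_enabled.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        state = parse_state(row["idm_state"])
        enabled = row["account_enabled"].strip().lower() == "true"
        if state is None:
            findings.append((row["login"], "unknown state value: %r" % row["idm_state"]))
        elif enabled and not state[1]:
            findings.append((row["login"], "account enabled but identity is " + state[0]))
    return findings


# Constructed sample export (not real data).
SAMPLE = """login,idm_state,account_enabled
alice,valid,true
bob,Left,true
carol,DISABLED,false
dave,disabled_manually,true
erin,SUSPENDED,true
frank,future_contract,false
"""

if __name__ == "__main__":
    for login, finding in audit(SAMPLE):
        print(login + ": " + finding)
```

Unknown values are reported rather than silently treated as enabled or disabled, so a typo or an unmapped state on the target system does not hide an active account.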

by husniko