Differences
This shows you the differences between two versions of the page.
tutorial:adm:systems_-_ad_remove_group_membership_when_the_contract_is_excluded [2020/03/04 07:54] doischert |
tutorial:adm:systems_-_ad_remove_group_membership_when_the_contract_is_excluded [2021/03/11 18:29] (current) apeterova correction - roles are not removed in IdM, workflow doesn't support skip exclusion on all roles |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Systems - AD: Remove group membership when the contract is excluded ====== | ====== Systems - AD: Remove group membership when the contract is excluded ====== | ||
- | By default, when a contract is excluded, IdM will not remove the account' | + | By default, when a contract is excluded, IdM will not remove the account' |
- | As a result of the setting shown below, when an identity' | + | As a result of the setting shown below, when an identity' |
+ | |||
+ | However, the role will not be removed from the contract. When the exclusion of the identity' | ||
===== Change behavior for individual roles ===== | ===== Change behavior for individual roles ===== | ||
Line 15: | Line 17: | ||
{{ : | {{ : | ||
- | Open the detail by clicking the magnifying glass, you will see this. | + | Open the detail by clicking the magnifying glass. You will see this. |
{{ : | {{ : | ||
- | Open the detail of the attribute ldapGroups by clicking the magnifying glass, you will see this. | + | Open the detail of the attribute ldapGroups by clicking the magnifying glass. You will see this. |
{{ : | {{ : | ||
{{ : | {{ : | ||
- | Check the checkbox next to "Skip value when contract is excluded" | + | Check the checkbox next to "Skip value when contract is excluded" |
===== Set this behavior on using the AD synchronization workflow ===== | ===== Set this behavior on using the AD synchronization workflow ===== | ||
- | Alternatively, | + | Alternatively, |
- | + | ||
- | <note warning> | + | |
<note tip>This requires you to have the current workflow from the Extras module! Older versions will not support this.</ | <note tip>This requires you to have the current workflow from the Extras module! Older versions will not support this.</ | ||
+ | <note tip>For now, the workflow can not be used to set this behavior to all AD roles, only for individual roles set in its configuration.</ | ||
- | First, in the left menu, go to Settings > Configuration. | + | In the left menu, go to Settings > Configuration. |
{{ : | {{ : | ||
- | Then when you click the green button Add, a dialog will open. Type in Key | + | Then when you click the green button Add, a dialog will open. |
- | < | + | Type in Key |
- | and Value " | + | < |
- | {{ : | + | and as a Value, type in the names of the relevant roles separated by comma. You can only use this if your roles do not have a comma in their names! |
- | Click save. During the next synchronization of AD groups, all AD roles will automatically set to be removed from inactive contracts (even existing ones. | + | {{ : |
- | You can also use this workflow to set this behavior for individual | + | Click save. When the next synchronization runs and creates new roles, the roles specified |
- | < | + | If the roles already exist and you want to set this behavior to them during the synchronization, |
- | and as a value, type in the names of the relevant | + | < |
+ | |||
+ | and Value " | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Click save. During the next synchronization of AD groups, all AD roles specified | ||
- | {{ : |
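Review bot: In the added note "For now, the workflow can not be used to set this behavior to all AD roles, only for individual roles set in its configuration", a functional limitation is tagged `<note tip>`, the same styling as the version requirement above it, so it is easy to skim past. Since it determines which roles actually lose their AD group membership when a contract is excluded, I would mark it `<note important>` or `<note warning>`, and write "cannot". The last added paragraph still reads "all AD roles specified", which carries over "all AD roles" from the removed text and sits awkwardly next to that limitation; "the AD roles specified" would avoid suggesting that every AD role is covered. The unchanged heading "Set this behavior on using the AD synchronization workflow" could also be fixed to "Set this behavior using the AD synchronization workflow" while this section is being edited.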