Differences
This shows you the differences between two versions of the page.
tutorial:adm:systems_-_ad_remove_group_membership_when_the_contract_is_excluded [2020/03/04 07:58] doischert [Set this behavior on using the AD synchronization workflow] |
tutorial:adm:systems_-_ad_remove_group_membership_when_the_contract_is_excluded [2021/03/11 18:29] (current) apeterova correction - roles are not removed in IdM, workflow doesn't support skip exclusion on all roles |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Systems - AD: Remove group membership when the contract is excluded ====== | ====== Systems - AD: Remove group membership when the contract is excluded ====== | ||
- | By default, when a contract is excluded, IdM will not remove the account' | + | By default, when a contract is excluded, IdM will not remove the account' |
- | As a result of the setting shown below, when an identity' | + | As a result of the setting shown below, when an identity' |
+ | |||
+ | However, the role will not be removed from the contract. When the exclusion of the identity' | ||
===== Change behavior for individual roles ===== | ===== Change behavior for individual roles ===== | ||
Line 24: | Line 26: | ||
{{ : | {{ : | ||
- | Check the checkbox next to "Skip value when contract is excluded" | + | Check the checkbox next to "Skip value when contract is excluded" |
===== Set this behavior on using the AD synchronization workflow ===== | ===== Set this behavior on using the AD synchronization workflow ===== | ||
- | Alternatively, | + | Alternatively, |
- | + | ||
- | First, I will show you turn this feature | + | |
<note tip>This requires you to have the current workflow from the Extras module! Older versions will not support this.</ | <note tip>This requires you to have the current workflow from the Extras module! Older versions will not support this.</ | ||
- | < | + | < |
In the left menu, go to Settings > Configuration. | In the left menu, go to Settings > Configuration. | ||
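Review bot: The tip kept as context in this hunk says "current workflow from the Extras module" and "Older versions will not support this" without giving a version number, so a reader cannot tell whether the workflow they have installed qualifies. The tip was already present in the 2020/03/04 revision and is carried unchanged into the 2021/03/11 one, so "current" is ambiguous; name the minimum workflow or Extras module version that supports the configuration property described in this section.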
Line 39: | Line 39: | ||
{{ : | {{ : | ||
- | Then when you click the green button Add, a dialog will open. Type in Key | + | Then when you click the green button Add, a dialog will open. |
- | < | + | Type in Key |
- | and Value " | + | < |
- | {{ : | + | and as a Value, type in the names of the relevant roles separated by comma. You can only use this if your roles do not have a comma in their names! |
- | Click save. During the next synchronization of AD groups, all AD roles will automatically set to be removed from inactive contracts (even existing ones. | + | {{ : |
- | You can also use this workflow to set this behavior for individual | + | Click save. When the next synchronization runs and creates new roles, the roles specified |
- | < | + | If the roles already exist and you want to set this behavior to them during the synchronization, |
- | and as a Value, type in the names of the relevant roles separated by comma. You can only use this if your roles do not have a comma in their names! | + | < |
- | {{ : | + | and Value " |
+ | |||
+ | {{ : | ||
+ | |||
+ | Click save. During the next synchronization of AD groups, all AD roles specified in the property '' | ||
- | Click save. When the next synchronization runs, all roles specified in the Value here will be set to be removed the contract becomes inactive. |
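Review bot: The value format is described only as "the names of the relevant roles separated by comma", which leaves open whether spaces around the commas are trimmed and whether the names are matched case-sensitively. Since the page already warns that role names containing a comma cannot be used, state the exact format next to that warning and show one sample value with two role names. In the added sentence "If the roles already exist and you want to set this behavior to them during the synchronization", "apply this behavior to them" reads more clearly, and it would help to say explicitly that the second property only affects the roles listed in the first one, which is what the revision summary ("workflow doesn't support skip exclusion on all roles") implies.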