This topic has 5 replies, 3 voices, and was last updated 4 years, 8 months ago by ivano.vingiani.


    We’ve got a requirement to expire temporary users after a given time but I can’t even see the user creation date.

    Is there a way to retrieve it? Is it possible to have a script in IDM that automatically disables a user after expiration?

     Bill Nelson

    Provisioning tools such as OpenIDM have the concept of a sunrise and a sunset date. The sunrise date allows you to configure a user’s accounts ahead of time, but not activate them until the sunrise date is reached. Alternately, the sunset date allows you to set an expiration date on which their accounts become automatically disabled (or whatever you choose to do on that date). OpenIDM has a Task Scanner that runs and acts on the scripts associated with these dates.

    It seems to me that the sunset date would serve your purpose. In using this functionality, you set the date that the user’s account is to expire when you create the user. A good example is that you set a sunset date for a contractor to be the date of the termination of their contract.

    For more information on the Task Scanner and Sunrise/Sunset dates, look here:


    Thanks Bill, that was useful.


    I’ve created a task as per the example but the records are not being modified.
    Looking at the tasker’s log I see:


    So the tasker did find a matching record but for some reason didn’t process it.

     Mike Jang

    Hi Ivano,

    Just checked a hunch — if you’re working with IDM 5.5, and have set up user self-registration, you should be able to get date info related to new users from audit/activity.audit.json.

    I tried it, and I see the following info in my version of that file:

    "transactionId": "8260562c-8c1b-4bde-b685-936f22fd27fd-703",
    "timestamp": "2018-01-10T16:39:31.749Z",
    "eventName": "activity",
    "userId": "anonymous",
    "runAs": "anonymous",
    "operation": "CREATE",
    "before": null,
    "after": {
    "kbaInfo": [
    "userName": "mike",
    "givenName": "Mike",


    I managed to get it to work following this guide:

    For some reason the property used in the query filter has to be an Object (not mentioned in the guide), otherwise it fails

    `WARNING: Taskscanner failed with unexpected exception
    org.forgerock.json.JsonValueException: /0/expiry: Expecting a Map or List`

    Just seems strange that the tasker logs don’t report it as a failure.
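
A pre-flight check for the condition reported in the last post, as an added example that is not part of the thread or ForgeRock's own code: it flags managed user records whose expiry property is not an object, so accounts that a scan would not disable show up before the scan runs. The property name `expiry` is taken from the error message; the sub-field names `date` and `task-completed` and the sample records are assumptions.

```javascript
// Added example (not from the thread): pre-flight check for a sunset-style scan.
// Assumed names: sub-fields "date" and "task-completed"; FIELD is taken from
// the "/0/expiry" pointer in the error message quoted above.
const FIELD = "expiry";

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Classify one managed user record against the scan time `now` (a Date).
function classify(user, now) {
  const prop = user[FIELD];
  if (prop === undefined || prop === null) return "no-expiry";
  if (!isPlainObject(prop)) return "invalid-shape"; // e.g. a bare date string
  if (typeof prop.date !== "string") return "invalid-date";
  const when = Date.parse(prop.date);
  if (Number.isNaN(when)) return "invalid-date";
  if (prop["task-completed"]) return "already-processed";
  return when < now.getTime() ? "due" : "not-due";
}

// Group user names by status so misshapen records are visible before the scan.
function preflight(users, now) {
  const report = {};
  for (const u of users) {
    const status = classify(u, now);
    (report[status] = report[status] || []).push(u.userName);
  }
  return report;
}

// Constructed sample records (not real data).
const SAMPLE_USERS = [
  { userName: "temp1", expiry: "2018-01-31T00:00:00Z" },
  { userName: "temp2", expiry: { date: "2018-01-31T00:00:00Z" } },
  { userName: "temp3", expiry: { date: "2018-06-30T00:00:00Z" } },
  { userName: "temp4", expiry: { date: "2018-01-01T00:00:00Z",
                                 "task-completed": "2018-01-02T00:00:00Z" } },
  { userName: "staff1" },
];
const SCAN_TIME = new Date("2018-02-15T00:00:00Z");

console.log(preflight(SAMPLE_USERS, SCAN_TIME));
```

Records reported as `invalid-shape` or `invalid-date` are the ones to correct first, since the thread notes that the tasker log does not report the failure.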
