January 10, 2018 at 11:36 am #20440
We’ve got a requirement to expire temporary users after a given time but I can’t even see the user creation date.
Is there a way to retrieve it? Is it possible to have a script in IDM that automatically disable a user after expiration?January 10, 2018 at 1:58 pm #20449Bill NelsonParticipant
Provisioning tools such as OpenIDM have the concept of a sunrise and a sunset date. The sunrise date allows you to configure a user’s accounts ahead of time, but don’t activate them until the sunrise date his reached. Alternately, the sunset date allows you to set an expiration date in which their accounts become automatically disabled (or whatever you choose to do on that date). OpenIDM has a Task Scanner that runs and acts on the scripts associated with these dates.
It seems to me that the sunset date would serve your purpose. In using this functionality, you set the date that the user’s account is to expire when you create the user. A good example is that you set a sunset date for a contractor to be the date of the termination of their contract.
For more information on the Task Scanner and Sunrise/Sunset dates, look here: https://backstage.forgerock.com/docs/idm/5.5/integrators-guide/#task-scannerJanuary 10, 2018 at 2:13 pm #20451
Thanks Bill, that was useful.January 10, 2018 at 4:09 pm #20454
I’ve created a task as per the example but the records are not being modified.
Looking at the tasker’s log I see:
So the tasker did find a matching record but for some reason didn’t process it.January 10, 2018 at 5:55 pm #20459Mike JangSpectator
Just checked a hunch — if you’re working with IDM 5.5, and have set up user self-registration, you should be able to get date info related to new users from audit/activity.audit.json.
I tried it, and I see the following info in my version of that file:
….January 10, 2018 at 6:04 pm #20465
I managed to get it work following this guide: https://backstage.forgerock.com/docs/idm/5.5/integrators-guide/#task-scanner
For some reason the property used in the query filter has to be an Object (not mentioned in the guide), otherwise it fails
`WARNING: Taskscanner failed with unexpected exception
org.forgerock.json.JsonValueException: /0/expiry: Expecting a Map or List’
Just seems strange that the tasker logs doesn’t report it as a failure.
- This reply was modified 4 years, 8 months ago by ivano.vingiani.
You must be logged in to reply to this topic.