[midPoint] Disabling User by Last Email Login Date

Thu Feb 17 01:10:14 CET 2022

If anyone is interested I made some progress on this. Currently it will
disable the user but my next step is to have it only disable the projection.

Here is an example of the task:

<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3
">
    <name>Disable users last Google login over 2 years</name>
    <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
    <executionState>runnable</executionState>
    <activity>
        <work>
            <iterativeScripting>
                <objects>
                    <type>UserType</type>
                    <query>
                        <q:filter>
                            <q:less>
                                <q:path>extension/lastLogin</q:path>
                                    <expression xmlns="">
                                       <script xmlns="">
                                          <code>
                                              return
basic.parseDateTime('yyyy-MM-dd', (basic.currentDateTime().getYear()-2) +
'-' + (basic.currentDateTime().getMonth()-0) + '-' +
(basic.currentDateTime().getDay()-0));
                                          </code>
                                       </script>
                                    </expression>
                              </q:less>
                        </q:filter>
                    </query>
                </objects>
                <scriptExecutionRequest>
                    <s:disable/>
                </scriptExecutionRequest>
            </iterativeScripting>
        </work>
    </activity>
</task>

Matt Widhalm

On Tue, Feb 15, 2022 at 9:57 AM Matt Widhalm <matthewwidhalm at weber.edu>
wrote:

> I am attempting to disable users by their last Google email login date. I
> am currently importing the last login date and account creation date from
> Google. I have created custom extensions for the attributes
> called creationDate and lastLogin. The data in the attributes is
> formatted as: 2021-01-08T00:04:09.000Z
>
> Ultimately I would like to do the following:
>
> -  If the users' last login is greater than 2 years from today's date, the
> Google account (projection) associated with the user will be disabled.
> -  After 1 year of being disabled the projection associated with the user
> is deleted.
>
> I suspect this would be handled using a scheduled task but that is about
> as far as my knowledge goes. If anyone has any experience with similar
> requirements any help would be appreciated.
>
> Thank you,
>
> Matt Widhalm
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220216/2599ebd1/attachment.htm>