[midPoint] Automatically disable users outside the validity range
Ivan Noris
ivan.noris at evolveum.com
Thu Feb 24 12:49:01 CET 2022
Hi Luca,
I may be missing something in your requirements, but the standard
behaviour of midPoint already does this:
1. if you use outbound activation/administrativeStatus mappings, it uses
user's activation/effectiveStatus property
2. user's activation/effectiveStatus property is automatically computed
from user's validFrom, validTo and administrativeStatus properties
3. there is a default task Validity scanner, scheduled each 15 minutes
by default, which computes activation/effectiveStatus from the above
mentioned attributes according to current timestamp
Users are considered enabled/disabled within midPoint according to
activation/effectiveStatus (disabled users cannot login to midPoint).
The same is done for outbound mappings as described above.
So if you are using the mappings for activation/administrativeStatus as
we do in numerous samples, and if you are using user's validFrom/validTo
properties, it will work out of the box and enable/disable user's
accounts accordingly.
Please check:
https://docs.evolveum.com/midpoint/reference/concepts/activation/ and
https://docs.evolveum.com/midpoint/reference/resources/resource-configuration/schema-handling/activation/
for reference. (For now, you can ignore the concepts of Delayed delete
or Disable on Unassign which are also described there).
Best regards,
Ivan
On 24. 2. 2022 11:30, Luca Verardo via midPoint wrote:
> Dear Evolveum community,
>
> I'm looking to execute a recurring task that will check the user's
> validity range (Valid To or Valid From) and disable users accordingly
> using today's date.
>
> I've searched for some examples, but I was unable in succeeding with
> the implementation.
>
> Are tasks the correct direction ? If yes, does someone have an example
> of how I could do it ?
>
> Thanks a lot in advance.
>
> Best regards,
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
More information about the midPoint
mailing list