[midPoint] Unassign user when validTo date is reached

[Hilmar Kistemaker]

Hi all,

I have assigned roles to users with a validFrom and validTo date.

The role gets activated on the validFrom date and the user is added to the
induced groups on the resource. However, when the validTo time is reached,
the role effectiveStatus gets set to Disabled, but the user is not removed
from the groups on the resource.

I did find a few messages here in the lists explaining that tolerant should
be set to false. This is not an option for us, as we do not want every
group on our resources to be governed by Midpoint (yet).

I'm seeking a solution to automatically remove users from a group on the
resource when the validTo date is reached.

If anyone has any insights or recommendations, your help would be greatly
appreciated.

Kind regards,
Hilmar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230907/a46ab7fe/attachment.htm>