From philippebriffod at laposte.net Thu Feb 6 09:04:22 2025 From: philippebriffod at laposte.net (philippebriffod at laposte.net) Date: Thu, 6 Feb 2025 09:04:22 +0100 (CET) Subject: [midPoint] Authorization linked to creatorRef Message-ID: <545102605.15321575.1738829062462@wlpnf0208.sys.meshcore.net> ‌Hello, I am trying to implement an authorization to allow users to modify or delete only the objects they have created. He should also be able to define other owner (using assignement with 'owner' relation) To filter on creatorRef, I tried many think like the following but without success:

Is it possible to implement this ? Thanks in advance for your help -------------- next part -------------- An HTML attachment was scrubbed... URL: From patrik.sidler at itconcepts.ch Fri Feb 7 09:51:31 2025 From: patrik.sidler at itconcepts.ch (Patrik Sidler) Date: Fri, 7 Feb 2025 08:51:31 +0000 Subject: [midPoint] Inheritence of Roles assigned to Org Structure Message-ID: Hi Community, I am building my Org-Tree by importing Name, ID, Manager and ParentID from a CSV File. Doring Import, my Org-ObjectTemplate is used to build the Tree (Parent-Child), assign the Manager to each Org and assign the my Org ArcheType. Now we would assign Roles to Orgs in different places in this Org-Tree and those roles must be applied to all Users in this particular Org and also to all Users that are member of any Org that is below this current Org. For example, when I assign Role-A to the top Org of our Org Tree, I want all Employees that are member to any of the Orgs below also get Role-A assigned. Based on the documentstion: https://docs.evolveum.com/midpoint/reference/master/roles-policies/assignment/parentorgref-and-assignments/ I have tried to achive by adding a mapping to my Org-ObjectTemplate that creates an inducement of the ParentOrg to every Org, but at the end my Org-Tree was a big mess. Here the Mapping that I have added to my OrgObjectTempate: Parent Child Mapping for Inducement true strong extension/parentId name c:OrgType c:name inducement Thank you in advance for help or ideas how to proceed with this. Regards, Patrik -------------- next part -------------- An HTML attachment was scrubbed... URL: From izaccknd at gmail.com Sat Feb 8 06:46:31 2025 From: izaccknd at gmail.com (Izaias Pereira dos Santos) Date: Sat, 8 Feb 2025 02:46:31 -0300 Subject: [midPoint] Assign Org Attribute to User Message-ID: Hello, I'm having a hard time trying to implement a way to assign an org to a user and assign an extension/orgId attribute back to the user attribute groups. Initially what I have done is to auto assign groups to the user using assignmentTargetSearch like so: assignment auto-assignment-group organizationalUnit extension/inativo c:OrgType name = $organizationalUnit I've tried to use a groovy script where I search the org using getOrgByName but the problem is that I have no idea how to get the extension attributes from OrgType. Can anyone help me with this problem... -------------- next part -------------- An HTML attachment was scrubbed... URL: From pascal.perichon at u-paris.fr Mon Feb 10 10:03:34 2025 From: pascal.perichon at u-paris.fr (Pascal PERICHON) Date: Mon, 10 Feb 2025 10:03:34 +0100 Subject: [midPoint] Assign Org Attribute to User In-Reply-To: References: Message-ID: Hi, Did you tried to remove the symbol "$" in front of your variable name ? i.e. organizationalUnit instead of $organizationalUnit and inativo instead of $inativo best regards Le 08/02/2025 ? 06:46, Izaias Pereira dos Santos via midPoint a ?crit?: > Hello, > I'm having a hard time trying to implement a way to assign an org to a > user and assign an extension/orgId attribute back to the user > attribute groups. > Initially?what I have done is to auto assign groups to the user using > assignmentTargetSearch like so: > ? ? > ? ? ? ? assignment > ? ? ? ? > ? ? ? ? ? ? auto-assignment-group > ? ? ? ? ? ? > ? ? ? ? ? ? ? ? organizationalUnit > ? ? ? ? ? ? > ? ? ? ? ? ? > ? ? ? ? ? ? ? ? extension/inativo > ? ? ? ? ? ? > ? ? ? ? ? ? > ? ? ? ? ? ? ? ? > c:OrgType > ? ? ? ? ? ? ? ? ? ? > ? ? ? ? ? ? ? ? ? ? ? ? name = $organizationalUnit > ? ? ? ? ? ? ? ? ? ? > ? ? ? ? ? ? ? ? > ? ? ? ? ? ? > ? ? ? ? ? ? > ? ? ? ? ? ? ? ? > ? ? ? ? ? ? > ? ? ? ? > ? ? > > I've tried to use a groovy script where I search the org using > getOrgByName but the problem is that I have no idea how to get the > extension attributes from OrgType. > > Can anyone help me with this problem... > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint From canady at jlab.org Tue Feb 11 15:34:32 2025 From: canady at jlab.org (Michael Canady) Date: Tue, 11 Feb 2025 14:34:32 +0000 Subject: [midPoint] How to manage Administrator accounts associated with Roles Message-ID: Hello everyone, I'm seeking advice on managing administrative accounts tied to specific roles within our organization. Background: We currently create compartmentalized administrator accounts for users based on their roles. For example, if a user is an administrator of a specific server, a new account is created and added to a group called "{server} administrators," granting administrative rights on the designated server(s). We are exploring ways to achieve this effectively, especially when some compartment accounts need to be shared across multiple roles. Questions: 1. Is a "meta" role the best/recommended approach to handle account creation? 2. How should entitlements be managed? Thanks in advance, Michael -------------- next part -------------- An HTML attachment was scrubbed... URL: From vera at evolveum.com Tue Feb 11 15:52:51 2025 From: vera at evolveum.com (Evolveum Marketing) Date: Tue, 11 Feb 2025 15:52:51 +0100 Subject: [midPoint] =?utf-8?q?We=E2=80=99re_Giving_Away_2_Tickets_to_the_?= =?utf-8?q?Midpoint_Community_Meetup_2025?= Message-ID: <15eaac59-ff8a-464d-8deb-a335fd0655a5@evolveum.com> Dear midPoint community, Join our LinkedIn giveaway for a chance to win 2 tickets to the MidPoint Community Meetup (May 12-14, 2025, Bratislava, Slovakia) and elevate your Identity Governance and Administration strategy. Learn how to minimize unauthorized access, automate processes, improve user experience, and strengthen compliance - all while networking with top industry experts. Don't want to wait for the winner to be announced? Secure your Early Bird ticket now for just 349 ? per person! -- Veronika Kolpascikova Marketing Specialist evolveum.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From vera at evolveum.com Thu Feb 13 15:20:42 2025 From: vera at evolveum.com (Evolveum Marketing) Date: Thu, 13 Feb 2025 15:20:42 +0100 Subject: [midPoint] MidPoint Integrations, Partner Series: Authenticating Into MidPoint With SSO by Unicon Message-ID: <0870a9b0-740b-44a0-8955-8e07b93223ba@evolveum.com> Dear midPoint community, We?ve published a session from the MidPoint Integrations, Partner Series, featuring Unicon 's David Mendez and Paul Spaude. In this talk, they explore Single Sign-On authentication in midPoint, demonstrating its implementation as well as midPoint's emergency login and key configurations. Visit our blog to learn more and watch the recording: https://evolveum.com/unicon-authenticating-into-midpoint-with-sso/ -- Veronika Kolpascikova Marketing Specialist evolveum.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From yrevyakin at gmail.com Fri Feb 14 18:05:23 2025 From: yrevyakin at gmail.com (Yakov Revyakin) Date: Fri, 14 Feb 2025 19:05:23 +0200 Subject: [midPoint] Problem with upgrade from 4.8.6 to 4.9.1 Message-ID: Hi all, I have a problem upgrading 4.8.6 -> 4.9.1 When I start Midpoint after DB and binary upgrades I get long list including the following exception: 2025-02-14 18:24:09,119 [REPOSITORY] [midPointScheduler_Worker-2] ERROR (com.evolveum.midpoint.repo.common.activity.run.processing.ItemProcessingGatekeeper): Validity scan (COMBINED) of object UserType:SLi****ch (Se***i Li****ch, ff7a9109-377b-4f04-849f-a5204c732835) failed: Caught PSQLException for insert into m_shadow_partition_def (resourceOid, partition, attached, "table") values (?, ?, ?, ?) com.evolveum.midpoint.util.exception.SystemException: Caught PSQLException for insert into m_shadow_partition_def (resourceOid, partition, attached, "table") values (?, ?, ?, ?) at com.evolveum.midpoint.repo.sqale.SqaleServiceBase.handledGeneralException(SqaleServiceBase.java:110) at com.evolveum.midpoint.repo.sqale.SqaleRepositoryService.modifyObject(SqaleRepositoryService.java:499) Caused by: com.querydsl.core.QueryException: Caught PSQLException for insert into m_shadow_partition_def (resourceOid, partition, attached, "table") values (?, ?, ?, ?) at com.querydsl.sql.DefaultSQLExceptionTranslator.translate(DefaultSQLExceptionTranslator.java:50) at com.querydsl.sql.Configuration.translate(Configuration.java:507) ... 79 common frames omitted Caused by: org.postgresql.util.PSQLException: ERROR: permission denied: "RI_ConstraintTrigger_c_17360" is a system trigger Where: SQL statement "ALTER TABLE m_shadow_default DISABLE TRIGGER ALL;" PL/pgSQL function m_shadow_create_partition() line 60 at EXECUTE at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2733) at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2420) ... 94 common frames omitted Midpoint works with psql (PostgreSQL) 14.15 (Ubuntu 14.15-1.pgdg22.04+1) This happens only if I jump from latests 4.8 to 4.9. If I upgrade, for example, 4.8.5 to 4.8.6 I have no problems. Could you advise how to solve this behavior? Thanks in advance, Yakov -------------- next part -------------- An HTML attachment was scrubbed... URL: From izaccknd at gmail.com Fri Feb 14 20:13:57 2025 From: izaccknd at gmail.com (Izaias Pereira dos Santos) Date: Fri, 14 Feb 2025 16:13:57 -0300 Subject: [midPoint] Assign Org Attribute to User In-Reply-To: References:

Message-ID: Hi, I managed to fix the issue. Thanks! Em seg., 10 de fev. de 2025 ?s 06:03, Pascal PERICHON via midPoint < midpoint at lists.evolveum.com> escreveu: > Hi, > > Did you tried to remove the symbol "$" in front of your variable name ? > > i.e. organizationalUnit instead of $organizationalUnit and inativo > instead of $inativo > > best regards > > Le 08/02/2025 ? 06:46, Izaias Pereira dos Santos via midPoint a ?crit : > > Hello, > > I'm having a hard time trying to implement a way to assign an org to a > > user and assign an extension/orgId attribute back to the user > > attribute groups. > > Initially what I have done is to auto assign groups to the user using > > assignmentTargetSearch like so: > > > > assignment > > > > auto-assignment-group > > > > organizationalUnit > > > > > > extension/inativo > > > > > > > > c:OrgType > > > > name = $organizationalUnit > > > > > > > > > > > > > > > > > > > > I've tried to use a groovy script where I search the org using > > getOrgByName but the problem is that I have no idea how to get the > > extension attributes from OrgType. > > > > Can anyone help me with this problem... > > > > _______________________________________________ > > midPoint mailing list > > midPoint at lists.evolveum.com > > https://lists.evolveum.com/mailman/listinfo/midpoint > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint > -------------- next part -------------- An HTML attachment was scrubbed... URL: From izaccknd at gmail.com Fri Feb 14 20:19:49 2025 From: izaccknd at gmail.com (Izaias Pereira dos Santos) Date: Fri, 14 Feb 2025 16:19:49 -0300 Subject: [midPoint] Delete ldap user on disable Message-ID: Hello, Is it possible to remove a user account from ldap (I'm using OpenLdap) when I disable this user on midpoint? -------------- next part -------------- An HTML attachment was scrubbed... URL: From pascal.perichon at u-paris.fr Mon Feb 17 09:52:48 2025 From: pascal.perichon at u-paris.fr (Pascal PERICHON) Date: Mon, 17 Feb 2025 09:52:48 +0100 Subject: [midPoint] Delete ldap user on disable In-Reply-To: References: Message-ID: <245c3050-d929-4c31-8b90-f7498f7a5772@u-paris.fr> hi, Just play with tag: https://docs.evolveum.com/midpoint/reference/support-4.9/concepts/activation/disable-instead-of-delete For example: ??????????? ??????????????? ??????????????????? ??????????????????????? weak ??????????????????????? $focus/lifecycleState ??????????????????????? ??????????????????????? ??????????????????????????? ??????????????????????????????? ??????????????????????????????????? import com.evolveum.midpoint.schema.constants.SchemaConstants ??????????????????????????????????? return focusExists && (lifecycleState == SchemaConstants.LIFECYCLE_ACTIVE) ??????????????????????????????? ??????????????????????????? ??????????????????????? ??????????????????? ??????????????? ??????????????? ??????????????????? ??????????????????????? ??????????????????????????? ??????????????????????? ??????????????????? ??????????????? ??????????? Best reagards Le 14/02/2025 ? 20:19, Izaias Pereira dos Santos via midPoint a ?crit?: > Hello, > > Is it possible to remove a user account from ldap (I'm using?OpenLdap) > when I disable this user on midpoint? > > > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint From ssimkova at evolveum.com Mon Feb 17 14:53:36 2025 From: ssimkova at evolveum.com (Simona Simkova) Date: Mon, 17 Feb 2025 14:53:36 +0100 (CET) Subject: [midPoint] LAST MINUTE registration for the midPoint First Steps training in February Message-ID: <445641269.69478.1739800416825.JavaMail.zimbra@evolveum.com> Dear midPoint community, We would like to invite everyone who wants to boost their midPoint knowledge to a [ https://evolveum.com/training-and-certification/midpoint-deployment-first-steps-february-2024-cet-time-zone-online/#evo_training_description | First Steps online training ] which follows an innovative [ https://docs.evolveum.com/midpoint/methodology/first-steps/ | First Steps Methodology.? ] During this training, you will learn how to carry out go-live regardless of data quality from HR, automate the Joiner-Mover-Leaver (JML) processes, manage birthright permissions, and use the latest features such as simulations and smart correlation. The training course is scheduled in February ( 2025/02/24 ? 2025/02/26, starting from 8AM EDT ) and will be led by our Expert Identity Engineer Ivan Noris . To ensure the best learning experience, the amount of participants is limited. Book your seat by registering last minute at our website : [ https://evolveum.com/training-and-certification/midpoint-deployment-first-steps-training-february-2025/#evo_training_sign_up/ | https://evolveum.com/training-and-certification/midpoint-deployment-first-steps-training-february-2025/#evo_training_sign_up/ ] Additionally, do not miss this live opportunity to complete the First Steps course and build a strong foundation for more advanced learning! Our follow-up courses, [ https://evolveum.com/training-and-certification/midpoint-deployment-group-synchronization/ | Group Synchronization ] and [ https://evolveum.com/training-and-certification/midpoint-deployment-intermediate-configuration/ | Intermediate Configuration ] (available soon) require to complete First Steps , as it is a prerequisite for both. Best Regards, Simona Simkova | Business Development Representative [ https://evolveum.com/ ] [ mailto:ssimkova at evolveum.com | ssimkova at evolveum.com ] | [ http://www.evolveum.com/ | www.evolveum.com ] +421 911 449 455 [ https://evolveum.com/upcoming-events/ | ] [ https://www.linkedin.com/company/evolveum ] [ https://twitter.com/evolveum ] [ https://www.facebook.com/evolveum ] Disclaimer: The contents of this e-mail and attachment(s) thereto are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or Evolveum s.r.o. or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of Evolveum s.r.o. or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter.balcirak at evolveum.com Wed Feb 19 09:42:40 2025 From: peter.balcirak at evolveum.com (Peter Balcirak) Date: Wed, 19 Feb 2025 09:42:40 +0100 Subject: [midPoint] access requests: default validity In-Reply-To: References: Message-ID: Hello Markus, Unfortunately, it is not possible to define a pre-selected value in the validity select box right now. If you would like to use it in the future, please create a feature request for it at support.evolveum.com. The error you've mentioned is indeed a bug. I have reported it, and you can follow it in the link: https://support.evolveum.com/projects/midpoint/work_packages/10459/ Best regards, Peter Bal?ir?k On 1/24/25 11:19, Markus Calmius via midPoint wrote: > Hi, > > (Using midpoint 4.8.5) > > is it possible to specify a default validity in the "shopping cart" > For test purposes, I've configured my checkout as below, but since the > drop-down shows > "choose one" if you don't change that value the access will be forever. > If I do set mandatory to true, and select 1 hour, I get an error: > "At least one field of valid from/to has to be filled in" - which > seems like a bug as I have clearly specified the validity. > > It would be excellent if I could specify the default value of 1 Hour > (or whatever if there are more values) > > Kind regards, > Markus > > > > ? ? > ? ? ? ? true > ? ? > ? ? > true > ? ? ? ? > ? ? ? ? > ? ? ? ? ? ? > ? ? ? ? ? ? ? ? 1 Hour > ? ? ? ? ? ? > ? ? ? ? ? ? PT60M > ? ? ? ? > ? ? > > > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From markus.calmius at proton.ch Wed Feb 19 13:15:13 2025 From: markus.calmius at proton.ch (Markus Calmius) Date: Wed, 19 Feb 2025 12:15:13 +0000 Subject: [midPoint] access requests: default validity In-Reply-To: References: Message-ID: Hi Peter, thank you for confirming the bug and suggest to write a feature request. I shall do that! :) Kind regards, Markus On Wednesday, 19 February 2025 at 12:00, midpoint-request at lists.evolveum.com wrote: > Send midPoint mailing list submissions to > midpoint at lists.evolveum.com > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.evolveum.com/mailman/listinfo/midpoint > or, via email, send a message with subject or body 'help' to > midpoint-request at lists.evolveum.com > > You can reach the person managing the list at > midpoint-owner at lists.evolveum.com > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of midPoint digest..." > > > Today's Topics: > > 1. Re: access requests: default validity (Peter Balcirak) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 19 Feb 2025 09:42:40 +0100 > From: Peter Balcirak peter.balcirak at evolveum.com > > To: midpoint at lists.evolveum.com > Subject: Re: [midPoint] access requests: default validity > Message-ID: be15acec-2d23-4de6-b5bb-e4b3eb87b4bb at evolveum.com > > Content-Type: text/plain; charset="utf-8"; Format="flowed" > > Hello Markus, > > Unfortunately, it is not possible to define a pre-selected value in the > validity select box right now. If you would like to use it in the > future, please create a feature request for it at support.evolveum.com. > > The error you've mentioned is indeed a bug. I have reported it, and you > can follow it in the link: > https://support.evolveum.com/projects/midpoint/work_packages/10459/ > > Best regards, > Peter Bal?ir?k > > On 1/24/25 11:19, Markus Calmius via midPoint wrote: > > > Hi, > > > > (Using midpoint 4.8.5) > > > > is it possible to specify a default validity in the "shopping cart" > > For test purposes, I've configured my checkout as below, but since the > > drop-down shows > > "choose one" if you don't change that value the access will be forever. > > If I do set mandatory to true, and select 1 hour, I get an error: > > "At least one field of valid from/to has to be filled in" - which > > seems like a bug as I have clearly specified the validity. > > > > It would be excellent if I could specify the default value of 1 Hour > > (or whatever if there are more values) > > > > Kind regards, > > Markus > > > > > > ? ? > > ? ? ? ? true > > ? ? > > ? ? > > true > > ? ? ? ? > > ? ? ? ? > > ? ? ? ? ? ? > > ? ? ? ? ? ? ? ? 1 Hour > > ? ? ? ? ? ? > > ? ? ? ? ? ? PT60M > > ? ? ? ? > > ? ? > > > > > > _______________________________________________ > > midPoint mailing list > > midPoint at lists.evolveum.com > > https://lists.evolveum.com/mailman/listinfo/midpoint > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: https://lists.evolveum.com/pipermail/midpoint/attachments/20250219/9766b2d2/attachment-0001.htm > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint > > > ------------------------------ > > End of midPoint Digest, Vol 154, Issue 11 > ***************************************** From yrevyakin at gmail.com Thu Feb 20 12:02:02 2025 From: yrevyakin at gmail.com (Yakov Revyakin) Date: Thu, 20 Feb 2025 13:02:02 +0200 Subject: [midPoint] prune & reconciliation Message-ID: Hi all, I can see that if policyActions are "record" or "enforcement" for policyConstraints "exclusion" (SOD) then I can see appropriate evaluation results after reconciliation if any relevant violations. But if I use "prune" I can't see any changes running reconciliation - conflicting roles are not unassigned. Could someone explain why there is this difference in behavior? Is there any way to force prune during reconciliation? Thanks Yakov -------------- next part -------------- An HTML attachment was scrubbed... URL: From yrevyakin at gmail.com Thu Feb 20 14:37:25 2025 From: yrevyakin at gmail.com (Yakov Revyakin) Date: Thu, 20 Feb 2025 15:37:25 +0200 Subject: [midPoint] prune & reconciliation In-Reply-To: References: Message-ID: After some debugging I understood that prune makes sense only in context of adding a new entity, when it's clear what to leave and what must go. So, prune can't be used during reconciliation. On Thu, 20 Feb 2025 at 13:02, Yakov Revyakin wrote: > Hi all, > I can see that if policyActions are "record" or "enforcement" for > policyConstraints "exclusion" (SOD) then I can see appropriate evaluation > results after reconciliation if any relevant violations. > But if I use "prune" I can't see any changes running reconciliation - > conflicting roles are not unassigned. > Could someone explain why there is this difference in behavior? Is there > any way to force prune during reconciliation? > Thanks > Yakov > -------------- next part -------------- An HTML attachment was scrubbed... URL: From yrevyakin at gmail.com Thu Feb 20 14:39:33 2025 From: yrevyakin at gmail.com (Yakov Revyakin) Date: Thu, 20 Feb 2025 15:39:33 +0200 Subject: [midPoint] prune & reconciliation In-Reply-To: References: Message-ID: more precisely, it can be used during reconciliation only if a new entity is adding On Thu, 20 Feb 2025 at 15:37, Yakov Revyakin wrote: > After some debugging I understood that prune makes sense only in > context of adding a new entity, when it's clear what to leave and what must > go. So, prune can't be used during reconciliation. > > On Thu, 20 Feb 2025 at 13:02, Yakov Revyakin wrote: > >> Hi all, >> I can see that if policyActions are "record" or "enforcement" for >> policyConstraints "exclusion" (SOD) then I can see appropriate evaluation >> results after reconciliation if any relevant violations. >> But if I use "prune" I can't see any changes running reconciliation - >> conflicting roles are not unassigned. >> Could someone explain why there is this difference in behavior? Is there >> any way to force prune during reconciliation? >> Thanks >> Yakov >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vera at evolveum.com Thu Feb 20 15:56:02 2025 From: vera at evolveum.com (Evolveum Marketing) Date: Thu, 20 Feb 2025 15:56:02 +0100 Subject: [midPoint] =?utf-8?q?We=E2=80=99re_Giving_Away_2_Tickets_to_the_?= =?utf-8?q?Midpoint_Community_Meetup_2025?= In-Reply-To: <15eaac59-ff8a-464d-8deb-a335fd0655a5@evolveum.com> References: <15eaac59-ff8a-464d-8deb-a335fd0655a5@evolveum.com> Message-ID: <7ba41ae4-dd51-4feb-89fe-f2f415e7d760@evolveum.com> Dear midPoint community, Only a few days remain to enter our giveaway and win two tickets to the MidPoint Community Meetup on May 12-14, 2025 - so you can bring someone with you! Join the giveaway on our LinkedIn . You can also take advantage of the Early Bird discount until the end of February and get your ticket for 349 ?. -- Veronika Kolpascikova Marketing Specialist evolveum.com On 11/02/2025 15:52, Evolveum Marketing wrote: > > Dear midPoint community, > > Join our LinkedIn giveaway > > for a chance to win 2 tickets to the MidPoint Community Meetup > (May 12-14, > 2025, Bratislava, Slovakia) and elevate your Identity Governance and > Administration strategy. Learn how to minimize unauthorized access, > automate processes, improve user experience, and strengthen compliance > - all while networking with top industry experts. > > Don't want to wait for the winner to be announced? Secure your Early > Bird ticket > > now for just 349 ? per person! > > -- > > Veronika Kolpascikova > Marketing Specialist > evolveum.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From narendra.challa at cscs.ch Thu Feb 20 12:42:36 2025 From: narendra.challa at cscs.ch (Challa Narendra Kumar Reddy) Date: Thu, 20 Feb 2025 11:42:36 +0000 Subject: [midPoint] Invite a user to register through midPoint Message-ID: ?Hi There, Is there anyway on midpoint where we can restrict and control user registrations and allow the users to register only if they have a valid midpoint invitation. Thanks, NC -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 8249 bytes Desc: not available URL: From pascal.perichon at u-paris.fr Thu Feb 20 17:16:39 2025 From: pascal.perichon at u-paris.fr (=?UTF-8?Q?Pascal_P=C3=89RICHON?=) Date: Thu, 20 Feb 2025 17:16:39 +0100 Subject: [midPoint] Invite a user to register through midPoint In-Reply-To: References: Message-ID: <5fc6a496-c38e-41ee-a055-f3c8c978b530@u-paris.fr> Hi, Of course all is possible, with a little effort, but no solution out of the box for so specific requirement. You should look for Policy Rules or/and Approval to "prune" wrong users, to restrict registration at midPoint identity's creation. best regards ------- *Pascal P?RICHON* Universit? Paris Cit? Le 20/02/2025 ? 12:42, Challa Narendra Kumar Reddy via midPoint a ?crit?: > > Hi There, > > Is there anyway on midpoint where we can restrict and control user > registrations and allow the users to register only if they have a > valid midpoint invitation. > > Thanks, NC > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From sashwill at uillinois.edu Fri Feb 21 16:48:31 2025 From: sashwill at uillinois.edu (Ashwill, Steven L) Date: Fri, 21 Feb 2025 15:48:31 +0000 Subject: [midPoint] limiting livesync AD work In-Reply-To: References: Message-ID: Hello, Is there a way that we can limit the livesync task in 4.8.x to simply pick up create events? Once a user is created and we have them linked, we no longer want to react to changes in the AD. Midpoint has authority on the mappings we control and we ignore everything else in the AD and therefore we don't want to process the 1000s of updates that occur daily. We just want to react to a create or delete of a user in the AD and link or unlink the user we have in midpoint STEVEN L ASHWILL Software Engineer Coordinator ? Under the Illinois Freedom of Information Act any written communication to or from university employees regarding university business is a public record and may be subject to public disclosure.?