• State Not Answered
  • Replies 2 replies
  • Subscribers 95 subscribers
  • Views 404 views
  • Users 0 members are here
Options
Related

CSMUser - remove account definition also disconnects the CSMUser from Person, how to prevent?

denny breuer
over 1 year ago

Hi,

we have 1IM 9.1.1 installed.

We deploye some users via CSMUser (SCIM), that works so far.

If a user lost the account definition, then the user gets inactive in the target system, what is also intended. Remove is not supported by the target. My problem is, that not only the account definition get´s removed but also the link to the person. If the user then gets the account definition again, 1AM tries to create the user again and freezes. If the account is connected to person before, then everything works fine.

So, my question: How can I prevent the disconnect between CSMUser and Person?

Best, Denny

Parents Reply Children
  • 0 11 months ago in reply to Trevor Pike

    Hi Travor,

    it´s not activated as it only covers deactivation, deferred deletion or security risks. In our case you request via IT Shop access to a specific resource and if you don´t login for XX days, we set a valid to date to the order and remove the access. If the user later needs access again, he simply can do it in the IT shop. But this only works if the Cloud Identity is connected to the person (without Account Definition). Our workaround is to sync once a day the CSMRoot and with Search it re-connects the user. But if we have that one user, who lost access and request it the same day, we produce some mess :(