PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 08/15/2019 4:29 PM by  Scooter
Removing Identities with IPA
 5 Replies
Sort:
You are not authorized to post a reply.
Author Messages
Scooter
Private
Private
Veteran Member
(119 points)
Veteran Member
Posts:55


Send Message:

--
08/15/2019 9:34 AM

    We want to remove employee's Identities from Infor Rich Client.

    Our test flow is removing the employee's userid and passwords from each Identity 

    but,  the flow is not deleting the Identity name (e.g. SSOP) from Infor Rich Client when we view the employee, after flow is run.

    We are using a WebRun node with code that works on our PROD environment. 

    What could be missing from our "test" flow that stops it from deleting the employee's Identities?

    Thanks for your assistance. 

    JimY
    Private
    Private
    Veteran Member
    (1369 points)
    Veteran Member
    Posts:487


    Send Message:

    --
    08/15/2019 11:07 AM
    When an employee leaves our organization we disable them on the LSF and Landmark sides, but don't remove their identities because they may come back. What would be the reason to delete the identities if you disable them?
    Scooter
    Private
    Private
    Veteran Member
    (119 points)
    Veteran Member
    Posts:55


    Send Message:

    --
    08/15/2019 1:16 PM
    Can Landmark Transaction node delete an employee's Identity (e.g. SSOP)?
    If yes, what Module and Object Name do we use? Thanks.
    Kyle Jorgensen
    Programmer/Analyst
    WoodmenLife
    Veteran Member
    (332 points)
    Veteran Member
    Posts:122


    Send Message:

    --
    08/15/2019 2:54 PM
    We do this via a Landmark Transaction within a Landmark Transaction loop.

    The 'outside loop' finds all identities for a given actor (module=security, objectName=IdentityActory) returning the Service and Identity.
    Then the 'inside transaction' deletes each identity using the Service and Identity from the outside loop (module=security, objectName=Identity,actionName=Delete).
    Joy Currin
    Private
    Private
    New Member
    (3 points)
    New Member
    Posts:1


    Send Message:

    --
    08/15/2019 3:59 PM
    We currently
    1) disable accounts
    2) remove roles and groups
    3) remove the Requester Identity if it exists using an RMTXN node with an action of delete and the service being the Requester Identity
    4)Inactivates the RQ04 record if one is found.

    The reason we remove identities is because we may rehire the employee into a different position where they may not have the same job duties.
    I would think #3 above would work for the SSOP identity.

    During each iteration of the loop, I also build out an xml file that is then used to run the ssoconfig command at the end of the flow to sync from S3 to Landmark.

    Scooter
    Private
    Private
    Veteran Member
    (119 points)
    Veteran Member
    Posts:55


    Send Message:

    --
    08/15/2019 4:29 PM
    Thanks everyone for your solutions.
    You are not authorized to post a reply.