Removing Identities with IPA

Scooter
Veteran Member
Posts: 83

    We want to remove employee's Identities from Infor Rich Client.

    Our test flow is removing the employee's userid and passwords from each Identity, but the flow is not deleting the Identity name (e.g. SSOP) from Infor Rich Client when we view the employee after the flow is run.

    We are using a WebRun node with code that works on our PROD environment. 

    What could be missing from our "test" flow that stops it from deleting the employee's Identities?

    Thanks for your assistance. 

    JimY
    Veteran Member
    Posts: 510
      When an employee leaves our organization we disable them on the LSF and Landmark sides, but don't remove their identities because they may come back. What would be the reason to delete the identities if you disable them?
      Scooter
      Veteran Member
      Posts: 83
        Can Landmark Transaction node delete an employee's Identity (e.g. SSOP)?
        If yes, what Module and Object Name do we use? Thanks.
        Kyle Jorgensen
        Veteran Member
        Posts: 122
          We do this via a Landmark Transaction within a Landmark Transaction loop.

          The 'outside loop' finds all identities for a given actor (module=security, objectName=IdentityActory) returning the Service and Identity.
          Then the 'inside transaction' deletes each identity using the Service and Identity from the outside loop (module=security, objectName=Identity, actionName=Delete).
          Joy Currin
          Basic Member
          Posts: 5
            We currently:
            1) disable accounts
            2) remove roles and groups
            3) remove the Requester Identity if it exists, using an RMTXN node with an action of delete and the service being the Requester Identity
            4) inactivate the RQ04 record if one is found.

            The reason we remove identities is because we may rehire the employee into a different position where they may not have the same job duties.
            I would think #3 above would work for the SSOP identity.

            During each iteration of the loop, I also build out an XML file that is then used to run the ssoconfig command at the end of the flow to sync from S3 to Landmark.

            Scooter
            Veteran Member
            Posts: 83
              Thanks everyone for your solutions.