IDM 12.6.8 and one of the Target systems is AD 2012 for user provisioning.
Terminated users are deleted in AD directly by AD admins; the requirement here is to delete those users in IDM too. Is it possible to delete IDM users through E/C?
What is the best way to achieve this use case?
Perform an Explore and Correlate operation to remove deleted users' entries in Identity Manager.
E/C does not delete the users in IDM by default. It may identify the deleted users from the target, but no action will be performed on those users.
Is inbound sync enabled? PX can be triggered to do a custom operation on a Reverse Sync operation.
Yes, inbound sync has been enabled. You are right, we might need to trigger PX to delete the users.
I have a similar requirement with a small change: I want to disable the user in IDM once the user is deleted in AD. Through PX, we can perform a disable operation too. Has anyone done this?
Thanks in advance,
If you have inbound sync enabled, IDM by default initiates "Provisioning Delete User" if it detects a Global User Deletion. This mapping can be found in Management Console and you cannot edit this.
Maybe what you can do is modify the behavior of the admin task "Provisioning Delete User", so that instead of deleting the user, it merely disables them.
Has anyone implemented this?
The reason I am asking this is because the CA Support engineers are saying that the solution that we discussed above is not achievable. But looking at this community post, it seems that this is achievable.
I have not implemented what I recommended earlier. You will have to do a POC. Maybe CA Support is foreseeing an issue with this approach.