Symantec IGA

Expand all | Collapse all

IDM User delete thru Explore/co-relate ?

Jump to Best Answer
  • 1.  IDM User delete thru Explore/co-relate ?

    Broadcom Employee
    Posted 08-16-2017 01:33 PM

    IDM 12.6.8 and one of the Target system is AD 2012 for user provisioning.

     

    Terminated Users are deleted in AD directly by AD Admin's, requirement here is to delete those users in IDM too. Is it possible to delete IDM users through E/C ? 

     

    What is the best way to achieve this use case ?



  • 2.  Re: IDM User delete thru Explore/co-relate ?

    Broadcom Employee
    Posted 08-17-2017 02:15 AM

    Perform Explore and Correlate opreration to remove deleted user's entries in Identity Manager.



  • 3.  Re: IDM User delete thru Explore/co-relate ?

    Broadcom Employee
    Posted 08-18-2017 10:03 AM

    E/C does not delete the users in IDM by default which may identify the deleted users from target, but no action will be performed on that user.



  • 4.  Re: IDM User delete thru Explore/co-relate ?
    Best Answer

    Broadcom Employee
    Posted 08-17-2017 05:15 AM

    Is inbound sync enabled? PX can be triggered to do custom operation on Reverse Sync operation.

     

    Regards,

    Sumeet

     



  • 5.  Re: IDM User delete thru Explore/co-relate ?

    Broadcom Employee
    Posted 08-18-2017 10:02 AM

    Hi Sumeet,

    Yes, inbound sync has been enabled. You are right, we might need to trigger PX to delete the users.



  • 6.  Re: IDM User delete thru Explore/co-relate ?

    Broadcom Employee
    Posted 08-18-2017 02:48 PM

    Awesome.



  • 7.  Re: IDM User delete thru Explore/co-relate ?

    Posted 09-22-2017 06:49 AM

    Team,

    I have similiar requirement with a small change that i want to disable the user in IDM once the user is deleted in AD. Through PX, we can perform disable operation too. Has anyone done this?

    Thanks in advance,



  • 8.  Re: IDM User delete thru Explore/co-relate ?

    Broadcom Employee
    Posted 09-25-2017 03:40 PM

    Hi Sachin,

     

    If you have inbound sync enabled, IDM by default initiates "Provisioning Delete User" if it detects a Global User Deletion. This mapping can be found in Management Console and you cannot edit this.

     

     

     

    May be what you can do is to modify the behavior of admin task "Provisioning Delete User". So that instead of delete user, it merely disables them.

     

    Thanks,

    Praveen Jain



  • 9.  Re: IDM User delete thru Explore/co-relate ?

    Posted 10-17-2017 07:51 AM

    Team,

    Has anyone implemeted this?

    The reason i am asking this is because the CA Support engineer are saying that the solution that we discussed above is not achievable. But looking at this community post, it seems that this is achievable. 

     

    Thanks.



  • 10.  Re: IDM User delete thru Explore/co-relate ?

    Broadcom Employee
    Posted 10-17-2017 10:19 PM

    Hi Rashmeet,

     

    I have not implemented what I recommended earlier. You will have to do POC. May be CA Support is forseeing an issue with this approach.

     

    Thanks,

    Praveen