Hi Idm Experts,
I am looking for some help and advice in regards to user deprovisioning. I am trying to get a clear understanding of the user deprovisioning process and was wondering if anyone knows of any good documentation on this which I can review.
The issue I am having is that the user is being deleted before all of the deprovisioning of roles has occurred and the ABAP subsystem have had there memberships revoked.
So when a user is terminated in HCM and is written to the identity store with MX_DISABLED and MX_LOCKED set to 1, all of the assigned roles are removed straight away, also including all of the PRIV:$rep:ONLY privileges. IDM starts going through the modify process but does not seem to complete successfully
and the user is deleted before all of the deprovisioning has taken place.
I have been using the standard Provisioning job via the framework and when IDM gets to switch task "Check for account privilege" it returns 0 as the User ACCOUNT%rep have been removed, so in the ABAP subsystem it still shows the roles that the user had assigned, this may be normal behaviour but I am unable to find any documents which detail the process.
What I am trying to achieve is that when a user is terminated in HCM that in IDM their account is disabled and the position is removed but leaving the PRIV:$rep:ONLY privileges so that IDM will then deprovision the roles and lock the relevant subsystems.
Thanks for your assistance in advance!