Former Member
Oct 28, 2013 at 11:04 PM

IDM 7.2 Deprovisioning

Hi IDM Experts,

I am looking for some help and advice in regards to user deprovisioning. I am trying to get a clear understanding of the user deprovisioning process and was wondering if anyone knows of any good documentation on this which I can review.

The issue I am having is that the user is being deleted before all of the deprovisioning of roles has occurred and the ABAP subsystems have had their memberships revoked.

So when a user is terminated in HCM and is written to the identity store with MX_DISABLED and MX_LOCKED set to 1, all of the assigned roles are removed straight away, also including all of the PRIV:$rep:ONLY privileges. IDM starts going through the modify process but does not seem to complete successfully, and the user is deleted before all of the deprovisioning has taken place.

I have been using the standard Provisioning job via the framework and when IDM gets to switch task "Check for account privilege" it returns 0 as the User ACCOUNT%rep have been removed, so in the ABAP subsystem it still shows the roles that the user had assigned. This may be normal behaviour, but I am unable to find any documents which detail the process.

What I am trying to achieve is that when a user is terminated in HCM, their account in IDM is disabled and the position is removed, but leaving the PRIV:$rep:ONLY privileges so that IDM will then deprovision the roles and lock the relevant subsystems.

Thanks for your assistance in advance!