Document toolboxDocument toolbox

Synchronize inactive LDAP users to Identity Manager

Use case scenario

An operator wants to synchronize inactive users from LDAP into Identity Manager.

This article describes how to synchronize inactive users via LDAP connection to Smart ID Identity Manager (there is also a use case to Synchronize active LDAP users to Identity Manager). Existing users in Identity Manager will be updated. The tool used to set up the synchronization is Identity Manager Admin. The batch synchronization can also be started manually from Identity Manager Operator. Read more here: section "View status of batch job" in Set up scheduled jobs in Identity Manager.

 Prerequisites

Step-by-step instruction for the administrator

 Log in to Identity Manager Admin
  1. Log in to Identity Manager Admin with your administrator account.
 Schedule the synchronization

To set up scheduling of the synchronization:

  1. In Identity Manager Admin, go to Home > Batch Synchronization.
  2. Select Synchronize inactive LDAP Users to Identity Manager.
  3. To adjust the scheduler, type the appropriate cron expression in Expression to schedule the job.
  4. Click Save.

To see this update in Identity Manager Operator, you must click Clear cache in the Identity Manager Operator UI.

Use case details

 Overview and technical details
Use case description

As an administrator I want to sync inactive users via LDAP connection to Identity Manager

Outcome
  • User is created in Identity Manager if the user does not exist
  • End state for user = "inactive"
  • End state for related credentials = "inactive"/"locked", see details below
  • End state for related certificates = "on hold"/"revoked", see details below
  • The relation from user to credentials still exists
  • All roles for the user are withdrawn
Related credentialsCredentials - end stateCertificates - end state
Card and related certificatesinactiveon hold
Temporary card and related certificateslockedrevoked
Virtual smart card and related certificatesinactiveon hold
Mobile ID and related certificatesinactiveon hold
Soft token and related certificatesinactiveon hold
Symbolic name

UsersAddonLDAPBatchSyncSynchronizeActiveLDAPUsersToIDMUsers 

Process nameSynchronize inactive LDAP Users to Identity Manager
ComponentIdentity Manager Admin
Process startBatch synchronization
Executable forAdministrator

Options

There are no options for this use case.

Additional information


Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions