...
The task filters the identities to be deprovisioned based on the conditions below:
Condition | |
---|---|
current Identity → TargetSystem → SystemRecurringTaskFeatures | The 1cba8799fa0c415e9ebb6c8ed4105c7a task feature has to be active |
current Identity → IdentityType → IdentityTypeFeatures | The IsDeprovisioningExternallyActive (9) feature must not be active |
current Identity → IsProvisioned | |
current Identity → CoreIdentity → ResourceAssignments | Must have no valid resource assignment for the IdentityType of the current identity. A valid resource assignment is one that: |
ResourceAssignments (Other assignment contexts) | The identity is not used as the context for any resource assignment. Search the table of all resource assignments to find ones that: |
current Identity → AnonymizationStatus | AnonymizationStatus has to be different than PendingAnonymization (2) or there has to be no changes in identity attribute values ( |
current Identity → AnonymizationStatus | AnonymizationStatus has to be NotAnonymized (1) OR Anonymized (6) |
current Identity → DeprovisionedDate | DeprovisionedDate is empty OR NOW is past the delay defined in |
current Identity → Dependent Identities | All dependent identities have an empty DeprovisionedDate OR NOW is past the delay defined in |

What is a Dependent Identity? A Dependent Identity is an identity belonging to the same CoreIdentity and created with the IdentityProvisioningConfiguration configured in
Processing identities to deprovision - additional filter
Identities found using the above filters are then double-checked against the criteria below, and actions are performed.
Condition | |
---|---|
current Identity → TargetSystem → SystemRecurringTaskFeatures | The 1cba8799fa0c415e9ebb6c8ed4105c7a task feature has to be active. Same as in the previous filter. |
current Identity → CoreIdentity → ResourceAssignments | Must have no valid resource assignment for the IdentityType of the current identity. Watch out! Different from the previous filter! A valid resource assignment is one that: |
Processing identities to deprovision - actions
Action | Condition |
---|---|
System Connector call Event | current Identity → IdentityType → IdentityProvisioningConfiguration → DeprovisionIdentityDelayInHours != 0 AND current Identity → DeprovisionedDate IS NULL |
DB update DB change | |
Elsa workflow run | has to be configured in |
WF workflow run | has to be configured in |
System Connector call DeleteIdentity | no workflow (WF or Elsa) is configured |
DB delete | |