...
Task filters the identities to be deprovisioned based on below conditions:
Condition | |||
---|---|---|---|
current Identity → TargetSystem → SystemRecurringTaskFeatures | 1cba8799fa0c415e9ebb6c8ed4105c7a task feature has to be active | ||
current Identity → IdentityType → IdentityTypeFeatures | IsDeprovisioningExternallyActive (9) feature has to not active | ||
current Identity → IsProvisioned |
| ||
current Identity → CoreIdentity → ResourceAssignments | Has to have no valid resource assignment for IdentityType of current identity Valid resource assignment is one that:
| ||
ResourceAssignments (Other assignment contexts) | Identity is not used as the context for any resource assignment. Search all resource assignments table to find ones that:
| ||
current Identity → AnonymizationStatus | AnonymizationStatus has to be different than PendingAnonymization (2) or there has to be no changes in identity attribute values ( | ||
current Identity → AnonymizationStatus | AnonymizationStatus has to be NotAnonymized (1) OR Anonymized (6)
| ||
current Identity → DeprovisionedDate | DeprovisionDate is empty OR NOW has past the delay defined in | ||
current Identity → Dependent Identities | All dependent identities have empty DeprovisionedDate OR NOW has past the delay defined in What is Dependent Identity? |
Dependent Identity is the identity belonging to the same CoreIdentity and created with IdentityProvisioningConfiguration configured in |
Processing identities to deprovision - additional filter
Identities found using above filters are there double-checked with criteria below and actions are performed.
Condition | |
---|---|
current Identity → TargetSystem → SystemRecurringTaskFeatures | 1cba8799fa0c415e9ebb6c8ed4105c7a task feature has to be active Same as in previous filter |
current Identity → CoreIdentity → ResourceAssignments | Has to have no valid resource assignment for IdentityType of current identity Watch out! Different from previous filter! Valid resource assignment is one that:
|
Processing identities to deprovision - actions
Action | Condition |
---|---|
System Connector call Event | current Identity → IdentityType → IdentityProvisioningConfiguration → DeprovisionIdentityDelayInHours != 0 AND current Identity → DeprovisionedDate IS NULL |
DB update DB change | |
Elsa workflow run | has to be configured in |
WF workflow run | has to be configured in |
System Connector call DeleteIdentity | no workflow (WF or Elsa) are configured |
DB delete |