Status: Waiting for Approval
The described behaviour implies, that on you’re CoreOne Suite Instance the following configuration is enabled:
Relevant Target System Features
CleanUp Task for this Target System runs with a scheduler on a regulary base
The CoreOne Suite offers different types of how you can create and manage Resources. In the beginning of implementing the CoreOne Suite, you have to decide, what type of Resources you would like to use. This article should help you to decide between Linked and Managed Resources. The behaviour of these resource types are pretty similiar in the different Target Systems we do support. We decided to focus in this article on the Target System Active Directory as this is one of the most used Target Systems by our customers.
Theory
Resources in the CoreOne Suite are nothing else than a Group in an Active Directory. Due to different Terminations in all our supported Target Systems, we decided to use the termination “Resources”. Simple said: A Resource is a right you can assign to an Identity in a Target System. In an Active Directory it is a Group (Resource) where you add a user (Identity) as member. This nesting results most commonly in a right.
Linked Resources
Linked Resources are the most used type of resources. With linked Resources you’re using existing Groups in your Target System anf only map them in the CoreOne Admin UI as “Linked Resource” so you can use them to add members through the CoreOne Suite.
As the name already explains: You only link it. You can Compare that with a Shortcut (would be the Linked Resource) to a Folder (Would be the AD-Group) on your Desktop. If you delete the Folder itself, the shortcut is still there. If you then click on the Shortcut, it will thow you an error message. If you rename the Shortcut, the Foldername itself won’t be changed. If you delete the shortcut, the folder will still be there.
Pro’s
You can easily reuse your existing Groups
Con’s
Can be irritating for Power Users to deprovision a linked resource
In the most cases the CoreOne Suite and the Target System will diverge
Managed Resources
Managed Resources are the way to go, if you start with a Target System from scratch. With Managed Resources, you will create a newly needed AD-Group directly in the CoreOne Suite. The CoreOne Suite will then create the needed AD-Group automatically and link them.
Pro’s
You can centralize the create process of AD-Groups into the CoreOne Suite. Your Power Users can create them by theirself → Decentralization of Dutie’s.
You can define templates for creating Resources
Con’s
More efforts needed for taking over existing Groups from your Target System as Managed Resource.
What they don’t do
They won’t be added automatically as Resource in the CoreOne Suite, if you create them directly in the Target System.
Linked Resources: You have to link the newly created Active Directory Group in the CoreOne Suite Admin UI to be able, to assign it to a Core-Identity. See: /wiki/spaces/IKB/pages/1796997245
Managed Resources: You’ve chosen the wrong way. It is not possible to use this Group. You have to delete it in the Target System and recreate it in the CoreOne Suite Admin UI and the CoreOne Suite creates the Group in the Target System automatically. See: /wiki/spaces/IKB/pages/1796997245
Only the creation of the Resources is not enough. You need to make sure, that the corresponding System-Features are enabled and also the CleanUp-Task runs on a schedule.
Frequently Asked Questions
Technically: Yes you can.
Logically: It’s not that simple. 
We recommend, to focus on one type. We observed, that new IAM Manager’s are often confused, if there are different ways, of how they have to handle rights.
For Example: The IAM Manager’s goal is to create a new Active Directory Group. In some OU-Path’s where you work with Linked Resources he have to do that directly in the Target System Active Directory. For an another OU-Path where you work with Managed Resources he have to get the job done through the Admin UI of the CoreOne Suite.