
I am new to OpenIDM and am trying to explore options to remove roles from a user once the user's status changes to terminated.

Is there any out-of-the-box feature available in ForgeRock to do this? Can you please help with how to implement this solution?

1 Answer


You can write a JavaScript script that you can add to postUpdate (or onUpdate, but this will block the patch call during the removal) of the managed object. If you detect the change of the user status to the terminated state, you can query the roles the user is in and then loop over those to delete the user from each.

Some resources that might help you with listing roles and removing them:

Jonas Heinisch
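A sketch of the postUpdate script described in the answer above, added here as an example and not taken from the answer or from ForgeRock. It assumes the status is stored in `accountStatus` with the value `"terminated"`, that the trigger exposes `oldObject` and `newObject`, and that role grants are removed with a `remove` patch on `/roles`; adjust these to your managed object schema.

```javascript
// Added example, not ForgeRock's own code.
// Assumptions: status property name and terminated value below are hypothetical.
var STATUS_FIELD = "accountStatus";
var TERMINATED = "terminated";

// idm: the openidm script API (query/patch); before/after: user state around the update.
function removeRolesOnTermination(idm, before, after) {
    var outcome = { removed: [], failed: [] };
    var was = before && before[STATUS_FIELD];
    var now = after && after[STATUS_FIELD];
    // Act only on the transition into "terminated". The patches below update the
    // same user and fire postUpdate again; this guard stops that from looping.
    if (now !== TERMINATED || was === TERMINATED) {
        return outcome;
    }
    var userPath = "managed/user/" + after._id;
    var grants = idm.query(userPath + "/roles", { "_queryFilter": "true" }).result || [];
    grants.forEach(function (grant) {
        try {
            idm.patch(userPath, null, [{
                operation: "remove",
                field: "/roles",
                value: {
                    _ref: grant._ref,
                    _refResourceCollection: grant._refResourceCollection,
                    _refResourceId: grant._refResourceId,
                    _refProperties: grant._refProperties
                }
            }]);
            outcome.removed.push(grant._ref);
        } catch (e) {
            // Keep going: one failed removal must not leave the other roles in place.
            outcome.failed.push(grant._ref);
        }
    });
    return outcome;
}

// Inside OpenIDM the "openidm" binding exists; elsewhere this block is skipped.
if (typeof openidm !== "undefined") {
    removeRolesOnTermination(openidm, oldObject, newObject);
}
```

Any entries in `failed` should be logged or alerted on, since a terminated account that still holds a role keeps whatever access that role provisions.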