How to delete users in bulk from Symantec VIP Manager

Article ID: 164571

Products

VIP Service

Issue/Introduction

Users need to be removed from VIP Manager due to employees having left the company or for other reasons.

Resolution

If the ADD function in the LDAP sync settings is enabled, all members of the Enterprise Gateway User Store filters will be synchronized to the cloud when an LDAP synchronization occurs. To prevent this, disable the ADD option and allow users to self-add and manage their VIP credentials through the MyVIP or VIP Self-Service portal. Then use the LDAP sync DELETE feature to delete users from VIP Manager.

Depending on the situation, there are two LDAP sync scenarios for accomplishing this.

Scenario 1

If users are no longer present in your LDAP user store, use the LDAP sync DELETE option to remove them from your VIP account:

  1. From the EGW on the User Store tab, navigate to LDAP Directory Synchronization.
  2. Select the Delete option next to the User Synchronization option.
  3. Click Start Simulation to perform a mock LDAP sync, then preview the results in simulation-log.txt. Adjust user store filters if necessary to achieve desired results.
  4. Click Synchronize Now to perform the LDAP sync if simulation results are acceptable. 

Scenario 2

If the users satisfy the filter settings of your LDAP user store and your objective is simply to remove them from VIP Manager, modify the user filter(s) in the user store settings.

  1. From the User Store tab, navigate to User Store.
  2. Click Edit from the Action column for the Name of the user store.
  3. Click on the Search Criteria tab.
  4. Update the user filter to only include the users that should be synced.
    (See: How to Configure the VIP Enterprise Gateway (VIP EG) User Store Filter)
  5. Save changes.
  6. Follow the steps from Scenario 1 to perform the LDAP sync.

Note: The LDAP directory sync service will create, modify and/or delete users in your VIP Cloud Service based on the users’ membership in the LDAP User Store filters. VIP users added via an API call or through the VIP Manager portal need to be updated (that is, "owned") by an LDAP sync instance. Users in the cloud that don't satisfy any LDAP filters are considered orphaned and require manual deletion.

Optional scenario 3

You can integrate VIP Web Service API calls within your own client application to add, update, and delete users and credentials. The APIs allow you to control adding and removing users and credentials. Please refer to the online help for additional information.

Optional scenario 4

VIP Manager includes a global policy setting to automatically delete users who have not validated within a defined number of days, or who have had no registered credentials. This configuration can be found in VIP Manager under the Policies tab under Account > Users > Automatically delete users. For more information on how this policy works, please visit the Help section of VIP Manager.

Optional scenario 5

If none of the above scenarios are feasible, contact Broadcom VIP Support to request assistance with a one-time user cleanup. The assigned VIP support engineer will ask for the following:

  1. Your VIP JHash
  2. A .CSV file containing the VIP user IDs to be deleted. Remove all other columns if exporting from VIP Manager.
  3. A VIP certificate and certificate password from your VIP tenant to be used to perform the cleanup only on your behalf. The cert can be revoked after a successful operation. 
  4. We require either approval from a corporate contact or business contact person, or a Purchase Order (PO) confirmation, to ensure that the deletion is intentional and aligns with your organization's policies.
  5. OPTIONAL: VIP Support can first set the users' state to DISABLED and allow your organization to monitor before proceeding with the actual deletions. 

NOTE: Always export a detailed list of users from your VIP Manager tenant before any deletions.
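
One way to prepare the single-column CSV from item 2 of optional scenario 5 out of the full export that the NOTE above says to keep. This is an added example, not Broadcom code; the `User ID` column header, the sample rows and the 50% safety limit are assumptions to adjust for your own export.

```python
import csv
import io

# Constructed sample export; real VIP Manager column names may differ.
SAMPLE_EXPORT = (
    "User ID,Status,Credential Count\n"
    "alice,ACTIVE,1\n"
    "bob,ACTIVE,2\n"
    "carol,DISABLED,0\n"
    "dave,ACTIVE,1\n"
)

def build_deletion_csv(export_text, leavers, id_column="User ID", max_fraction=0.5):
    """Return (csv_text, unmatched) for a bulk-deletion request.

    export_text  full user export, left untouched so it can serve as the backup
    leavers      user IDs that should be deleted (for example from HR)
    id_column    header of the user-ID column (assumed name, check your export)
    max_fraction refuse to build a list covering more than this share of users
    """
    reader = csv.DictReader(io.StringIO(export_text))
    if id_column not in (reader.fieldnames or []):
        raise ValueError(f"column {id_column!r} not found in export")
    exported = {(row[id_column] or "").strip() for row in reader}
    exported.discard("")

    selected, unmatched, seen = [], [], set()
    for raw in leavers:
        uid = raw.strip()
        if not uid or uid in seen:
            continue  # skip blanks and duplicates
        seen.add(uid)
        # Exact match only; anything else goes to manual review.
        (selected if uid in exported else unmatched).append(uid)

    # Guard against a wrong input file removing most of the tenant.
    if exported and len(selected) / len(exported) > max_fraction:
        raise ValueError("deletion list exceeds max_fraction of exported users")

    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow([id_column])  # keep the header, drop all other columns
    writer.writerows([uid] for uid in selected)
    return out.getvalue(), unmatched

if __name__ == "__main__":
    text, missing = build_deletion_csv(SAMPLE_EXPORT, ["bob", "erin"])
    print(text, "not in export:", missing)
```

IDs returned in `unmatched` were not found in the export and should be reviewed by hand before the file is sent.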