Creating User Accounts in an Expired or Disabled State
search cancel

Creating User Accounts in an Expired or Disabled State

book

Article ID: 9495

calendar_today

Updated On:

Products

CA Directory CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

How to create accounts in either an Expired or Disabled state, with the ability to re-enable the account upon successful User Registration. 



Example Scenario:

User is created in a disabled state and a successful registration being when an End User utilizes the Self Service portal to register and answer their forgotten questions.

 

Environment

Release:
Component: IDMGR

Resolution

To accomplish this, you could set the account to being disabled on an "unregistered" account template, then use this template to create the accounts.

When the account is registered, switch the account to having a "registered" account template. Which would mean the Provisioning Policies would have to be swapped around too.

Or you could use custom BLTHs through the Identity Manager web UI.

You may want to consider using a workflow to perform an approval process to grant a user access to a provisioning role. So the accounts wouldn't even be created until the approval process was completed.

We also recommend making sure that the Identity Manager tasks have AccountSync=OnEveryEvent instead of AccountSync=OnTaskCompletion. Otherwise the accounts could be toggled back to Enabled right away, even if the Account Template is configured to create the accounts as Disabled.