User Disable is used in IDHub to mark a user status as ‘Disabled’. This restricts user to be able to login to IDHub and perform any functions. Users with this status are not considered as part of count of users allowed from license plan as well.
Users can be disabled in IDHub via multiple ways. This document lists the ways in which a user can be disabled in IDHub.
Ways to Disable User in IDHub
- To Disable Users
- Via Service Request
- Via Trusted App Reconciliation
Let us go into each way in detail
Disable User via Service Request
Requesting For Disable/Enable User Service
- Who can request? - Any user can request for a user disable from this service for self or other users in the organisation
- How it can be requested? - From Search Catalog ‘Service’ Tab, option to add to cart will be present. Upon adding the cart and opening cart details page, form needs to be filled for the service which will option to choose Disabled or Active Status where ‘Disabled’ needs to be selected.
- What is the approval process? - After requesting, the request goes to the System Administrator for approval. Once approved by an admin from task page, the user attribute ‘status’ is marked as ‘Disabled’.
Managing Disabled/Enable User Service
- Manage Service : IDHub has a section named ‘Services’ in Admin Module. This section helps in managing user life cycle features of IDHub. The Services uses a form and a workflow to complete its action. To know more about Services, go to Services section (Link to be added later).
- Manage Custom Form : IDHub has a section named ‘Custom Form’ in Admin Module. This section lists all custom forms that are used at various placed in IDHub. Form Name - ‘Disable/Enable User’ can be viewed or edited as needed to maintain organisation specific customizations.
It is advisable not to add additional form attributes in this service as modifying the existing attribute may break the disable flow if modified incorrectly.
Disable User via Trusted App Reconciliation
Assuming a trusted application is set up correctly (To know more, go to Create User page) with a IDHub user field ‘status’ mapped with the application, upon the next synchronization process of a trusted application, IDHub assesses a record for changes in a specific user attribute named ‘Status’. If that user attribute has a Sync direction to update in IDHub (i.e. either Bi-directional sync or App to IDHub) then the user attribute in IDHub gets updated on a changed value that appears from the sync.
It is important that the values coming in the status attribute are exactly as accepted by IDHub, else it will fail other IDHub processes for user on user access request. Permissible values in status attribute are: Active and Disabled Only
Things affected from Disable User
- User login is disabled
- Active Request by the user is rejected
- All open proxies are removed
- All open individual tasks are assigned to the manager
- All group tasks claimed are released
- No change in user role and applications (Removal request for these are allowed)
- Open certification tasks are reassigned to alternate certifier/certifier