SMAX - IDM, Deleting Federated users using Managed person API

Idea ID 1672189

Hi,

This is regarding an enhancement related to managing federated users in Suite back office.

As of now, using the ManagedPersons API we can create/update users of all types (DB/LDAP/FEDERATION). However, we have recently learnt that the "DELETE" operation is not possible if the user type is LDAP or FEDERATION.

Micro Focus official documentation says that it is possible; however, we found this info to be erroneous through a support ticket, after we found that DELETE is actually not working.

To have a completely automated use case for managing users from AD, this delete operation is very crucial and it is also a common use case.

So, the following is what is formally requested in this ER:

  1. Create users of all types using Managed Person API (already exists)
  2. Update users using Managed Person APIs (part of it exists now, however changing things like AUTH TYPE is not possible)
  3. DELETE/DISABLE users using Managed Person API (only DB users can be deleted as of now)

Thanks

Harsha

5 Comments
Knowledge Partner

As you mentioned, you have to change a Federated user to a DB User before you can delete it.

The webservice for BO does allow you to change the Authentication Type; I have tested and done this.

You need to use the following WebService:

https://<FQDN>/bo/rest/entities/user/changeUsersOrg

Whether this is supported, I don't know, and I would check with Micro Focus whether there is any effect from doing it this way.

 

Regular Contributor

I see 3 issues in using ChangeUserAPI from back office:

1. We are using managedPersonsAPI and hence using a dedicated Integration User. To use the ChangeUserAPI you have suggested to change auth type, they need to use the “suite-admin” user credentials, which is not preferred as they will then have the full suite access…!

2. We noticed that the “key field” for the Change auth type API is “user id”, which is unique to suite administration only. What this means is that we need to first find out the user id of the user that we would want to delete and then change the auth type. Also, this user id is unique to Suite-administration only and not the same as the one inside SMAX’s person record.

3. ChangeUserAPI is never used as a Public API in the documentation, so there is a risk of it being changed in the future and we are not aware of it...

Knowledge Partner

Hi Harsha

Indeed, you are correct; there are some governance or security questions they need to consider regarding this.

Getting the ID of the user is very easy; we execute that step before we do the update.

And on your third point, yes, this can be removed at any time.

Best to consult with Micro Focus on what is the best approach.

Micro Focus Expert
Status changed to: Accepted

Great news, this idea has been accepted on our product roadmap. Subscribe to receive updates. (This is not a formal commitment, and subject to change)

Micro Focus Frequent Contributor
Status changed to: Delivered

This idea has been implemented in product release SMAX 2019.02. Check out the release notes for details. Thanks to all of our contributors for helping us continue to improve our products!
