Deleting Resources from User Accounts

Identity Manager provides several deletion operations that can be used to remove Identity Manager user account access from a resource:

• Delete. For each resource selected, Identity Manager deletes the user’s account on the remote resource. (To delete a user from Identity Manager, select Identity Manager as the resource.)

  • Deleted resource accounts are automatically unlinked from the Identity Manager user.

  • Deleted resource accounts are not unassigned from the user. The resource remains assigned to the user unless the unassign action is also selected.

• Unassign. For each resource selected, Identity Manager removes the resource from the user’s list of assigned resources.

  • Unassigned resource accounts are automatically unlinked from the Identity Manager user.

  • The user account on the remote resource is not deleted. The account remains intact unless the delete action is also selected.

• Unlink. For each resource selected, the user’s resource account information is removed from Identity Manager.

  • The user’s account on the remote resource remains intact unless a delete action is also selected.

  • The resource remains on the user’s list of assigned resources unless an unassign action is also selected.

  • If you unlink an account that has been indirectly assigned to the user through a role or resource group, the link may be restored when the user is updated.

Although deprovision appears as a user-action in the User List page menus, there are actually only three Deletion actions in Identity Manager: delete, unassign, and unlink.

To deprovision a remote resource, use the delete and unassign actions on the resource.

Deleting Resources from a Single User Account

Use the following procedure to perform a delete operation on a single Identity Manager user. By working with one user account at a time, you can specify different delete, unassign, and/or unlink operations for individual resource accounts.

To Start a Delete, Unassign, or Unlink Action for a Single User Account

1. In the Administrator interface, click Accounts in the main menu.

   The User List page displays on the List Accounts tab.

2. Select a user and click the User Actions drop-down menu.

3. Select any of the Deletion actions (Delete, Deprovision, Unassign, or Unlink) from the list.

   Identity Manager displays the Delete Resource Accounts page (Figure 3–4).

4. Complete the form. For more information on the Delete, Unassign, and Unlink actions, see Deleting Resources from User Accounts.

5. Click OK.

   Figure 3–4 shows the Delete Resource Accounts page. In the screen capture, the user jrenfro has one active account on a remote resource (the Simulated Resource). The Delete action is selected, which means that when the form is submitted, jrenfro’s account on the resource will be deleted. Because deleted accounts are automatically unlinked, the account information for this resource will be removed from Identity Manager. The Simulated Resource will remain assigned to jrenfro because the Unassign action is not selected.

   To delete jrenfro’s Identity Manager account, the Delete action should be selected for Identity Manager.

   Figure 3–4 The Delete Resource Accounts page

   
   

Deleting Resources from Multiple User Accounts

You can perform a delete operation on more than one Identity Manager user account at a time, however, you can only perform the selected delete operation on all of the users’ resource accounts.

Delete operations can also be performed using Identity Manager’s Bulk Account Actions feature. See Delete, DeleteAndUnlink, Disable, Enable, Unassign, and Unlink Commands.

To Start A Delete, Unassign, or Unlink Action for Multiple Users

1. In the Administrator interface, click Accounts in the main menu.

   The User List page displays on the List Accounts tab.

2. Select one or more users and click the User Actions drop-down menu.

3. Select any of the Deletion actions (Delete, Deprovision, Unassign, or Unlink) from the list.

   Identity Manager displays the Confirm Delete, Unassign, or Unlink page (Figure 3–5).

4. Specify the action to be performed.

   The options include:

   • Delete user only. Deletes the users’ Identity Manager accounts. This option does not delete or unassign the users’ resource accounts.

   • Delete user and resource accounts. Deletes the users’ Identity Manager accounts and all of the users’ resource accounts.

   • Delete resource accounts only. Deletes all of the users’ resource accounts. This option does not unassign the resource accounts, nor does it delete the users’ Identity Manager accounts.

   • Delete resource accounts and unassign directly assigned resources from user. Deletes and unassigns all of the users’ resource accounts, but does not delete the users’ Identity Manager accounts.

   • Unassign directly assigned resource accounts from user. Unassigns directly assigned resource accounts. This option does not delete the users’ accounts on the remote resources. Resource accounts assigned through a role or resource group are not affected.

   • Unlink resource accounts from user. The users’ resource account information is removed from Identity Manager. The users’ accounts on the remote resources are not deleted and are not unassigned. Accounts that are indirectly assigned to the users through a role or resource group may be restored when the users are updated.

5. Click OK.

   Figure 3–5 shows the Confirm Delete, Unassign, or Unlink page. The top portion of the page displays the six available actions that can be carried out for multiple users. The bottom portion of the page displays the users who will be affected by the selected action.

   Figure 3–5 The Confirm Delete, Unassign, or Unlink Page