What capability of the AFX is to be enabled to auto fulfill these Map & UnMap operations. As it is always going for a manual fulfillment.
Did you ever get a response to this? We've noticed the same behavior.
In the Unmap operation , RSA creating the 'Delete' operation instead of 'Remove' operation. We need to remove the account mapping from user. Is there any issue with Unmap webservice?
That is the default behavior for Accounts after the last mapping has been removed.
This is documented on page 201 of the Administrators Guide in the section "Account Management Terminology".
What we get here is we are trying to remove a user from account (computer based Account) using post webservice call.
This can be done only via unmap request in webservice call , but whenever we trigger an unmap request Rather then taking the operation as 'RemoveUserFromAccount' but it is triggering it as Implicit Account Removal Which if seen correctly checks wheter there is some access being removed from the account but we are not removing access from the account which would trigger system to check if the account needs to be there.
The situation is if a user leaves and you want to unmap that user from an Computer account he was using so that particular Desktop can be assigned to someone else(computer accounts needs reassign or change of users frequently) and you trigger an Unmap call you end up deleting the whole account from the source which should be the case
Please let me know how can this be resolved
I see that you have a Support Case open for this issue. I will wait for the case to be resolved and then update the issue here with the resolution.
It looks like there are multiple cases open for this issue with support. Did you get a satisfactory answer to your questions?
It is my understanding that this is security feature and it is working as designed. That design was agreed upon in consultation with many customers. RSA is open to changes in this design or enhancements to the design to make it more flexible.
We encourage you to state your specific requirements on the RSA Ideas Page with a new Idea.
RSA Ideas for RSA Identity Governance & Lifecycle
Or by contributing to one of the existing Ideas for this feature.
Unmap Request should only remove/unmap the user from the account instead of account deletion
I encourage you to provide examples of exactly how you would like this to function and to be configured.
See the following article for guidelines.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.