All roles will be withdrawn. If the user is reactivated later, the user will only get the default role. See Reactivate user.
Add reasons for deactivation in Identity Manager Admin. The reasons will be shown in a drop-down list in Identity Manager Operator, see Create reason.
Step-by-step instruction for the operator
Log in to Identity Manager Operator with your user account.
In the Quick search drop-down list, select User. (Or go to the Search page to find the user)
.Search for the user that shall be deactivated. User data is shown in read-only mode.
To cancel the process, see "Cancel the process" below.
Click Deactivate user.
In the Reasondrop -down list, select the reason for deactivation. The user's active related credentials gets inactive or locked. See "Use case details" below.
Click Next to deactivate the user. The user will not be notified by email after the deactivation.
Depending on the configuration, there can be options added to the use case, see "Options" below.
To cancel the process:
Click Cancel to close the process.
Click Next to proceed with the process.
Use case details
Use case description
As an operator I want to deactivate a user in Identity Manager
Outcome
End state for user = "inactive"
End state for related credentials = "inactive"/"locked", see details below
End state for related certificates = "on hold"/"revoked", see details below
The relation from user to credentials still exists
All roles for the user are withdrawn
Related credentials
Credentials - end state
Certificates - end state
Card and related certificates
inactive
on hold
Temporary card and related certificates
locked
revoked
Virtual smart card and related certificates
inactive
on hold
Mobile ID and related certificates
inactive
on hold
Soft token and related certificates
inactive
on hold
Symbolic name
UsersProcDeactivate
Process name
Deactivate user
Component
Identity Manager Operator
Required user state
Active
Process start
On the user profile>Deactivate user
Options
The options are configured by the administrator via a script in Identity Manager Admin and can be used by the operator and self-service user.
The script already exists with default values, so you only need to change the values as needed, not create the script.