[MNT-12283] Need to be able to disable external users Created: 17-Dec-13 Updated: 30-Aug-16 Resolved: 18-Mar-16
|Project:||Service Packs and Hot Fixes|
|Component/s:||Repository Authentication and SSO|
|Reporter:||Alex Strachan||Assignee:||Closed Issues|
|Remaining Estimate:||0 minutes|
|Time Spent:||2 hours|
|Original Estimate:||Not Specified|
We need to be able to disable external users i.e. users who are part of SSO or LDAP directory but should not have access to Alfresco.
We cannot entirely disable the users as they need access to other applications that are part of the SSO infrastructure i.e. do not modify external account details but keep disabled status with other Alfresco specific fields in the profile. (as an aside it would be quite nice to have the option to sync more fields)
The UI does not allow us to disable the users but it can be done programmatically although the disabled user can still log in so has no impact(hence a bug).
Ideally there would be customizable page to show for authenticated but disabled users.
|Comment by Richard Esplin [X] (Inactive) [ 18-Mar-16 ]|
The crux of this use case is that the user needs to continue to exist in the IdP, but show up as disabled in Alfresco.
The most common approach is to use a common authentication directory behind the IdP and Alfresco, and then synchronize a specific LDAP group to Alfresco. However,
Another approach is to have Alfresco get this information directly from the IdP. This is not currently planned as a feature of the on-premise SAML module, but is being considered as part of SAML-176.
I will close this issue as a duplicate of