Create Incident if inactive user tries to log in

Dominik9
Tera Guru

Hi experts

We have enabled the "Auto Provisioning User" for our Azure Identity Provider which automatically creates users when they log in for the first time. Now we want to set "Locked Out" to "True" for users who have not logged in for 3 months. After another 3 months we want to set "Active" to "False". If these users try to log in again, an incident should be created.

But now the situation is that when an inactive user tries to log in, the system tries to create a new user. How can I catch this so that it doesn't try to create a new user, but realizes that there is already a user who is simply inactive?

Users that are locked out but active are detected and we can catch this directly in the transform map script. Unfortunately, this does not work for inactive users.

Does anyone have an idea?


Thanks

Dominik


Luke Van Epen
Tera Guru

You should only be setting users to inactive if they have left the environment completely, i.e. left the company. Even if they are not authorised to use the system, they are still 'active' in the environment. If a user leaves the company and comes back 5 years later, you wouldn't reactivate their old account; you would create a new one as part of onboarding and set things up from scratch again. It is the same concept in ServiceNow: if the user account is marked as inactive, it thinks that the user is gone from the environment, and anyone using the same credentials is just a coincidence and is treated as a completely different person.

Hello Luke

Thank you very much for your feedback. That's a new way of looking at things that we haven't considered before, but it makes sense.

Best regards
Dominik

Community Alums
Not applicable

Hi @Dominik ,

This is a way mentioned for group members, which you can refer to and tweak as per your requirement:

https://community.servicenow.com/community?id=community_question&sys_id=2d744a8cdbf0c054f7fca851ca96...

Mark my answer correct & helpful, if applicable.

Thanks,

Sandeep

Hi Sandeep

Thank you very much for your feedback.

Unfortunately, that is not what we want to do. Our goal would be to run a daily scheduled job that checks if a user's "Last Login" is longer than 6 months ago. If this is the case, the user should be inactivated. So far no problem.
But if this inactivated user tries to log in again via SSO, an incident should be created automatically. And this does not work, because the Transform Script does not recognize the inactivated user and therefore tries to create a new user.

Best regards

Dominik
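The dormancy policy and the login-time check described in this thread, as an added example that is not code from the thread or from ServiceNow. The decision logic is written as plain functions so it runs outside the platform; the comments show how it would be wired into a scheduled job and a transform map onBefore script. Assumed: months are approximated as 90/180 days, and the import set field holding the SSO user name is called `u_user_name`.

```javascript
// Policy from the posts: lock out after ~3 months idle, deactivate after ~6 (assumed day counts).
const POLICY = { lockOutAfterDays: 90, deactivateAfterDays: 180 };
const DAY_MS = 24 * 60 * 60 * 1000;

// Daily scheduled-job part: given a user's last_login (Date or null) and "now",
// return the fields the job should set, or null if nothing changes. A user who
// has never logged in is skipped here; handle that case separately if required.
function dormancyAction(user, now, policy = POLICY) {
  if (!user.last_login) return null;
  const idleDays = Math.floor((now - user.last_login) / DAY_MS);
  if (idleDays >= policy.deactivateAfterDays) return { active: false, locked_out: true };
  if (idleDays >= policy.lockOutAfterDays) return { locked_out: true };
  return null;
}

// Transform-map part: decide what to do when SSO presents a user_name.
// `existing` is the sys_user row matched on user_name WITHOUT an active filter
// (the thread's problem is that only active users are found), or null if none.
// An inactive or locked-out account trying to log in is a detection event, so it
// raises an incident instead of silently creating or updating a user.
function provisioningDecision(existing) {
  if (!existing) return { action: 'create' };
  if (!existing.active) return { action: 'raise_incident', reason: 'inactive_user_login' };
  if (existing.locked_out) return { action: 'raise_incident', reason: 'locked_out_user_login' };
  return { action: 'update' };
}

// Wiring sketch for the transform map onBefore script (ServiceNow provides the
// globals `source`, `target` and `ignore`; field name u_user_name is assumed):
//   var gr = new GlideRecord('sys_user');
//   gr.addQuery('user_name', source.u_user_name);   // no addActiveQuery(): include inactive rows
//   gr.query();
//   var existing = gr.next()
//     ? { active: gr.getValue('active') == 'true', locked_out: gr.getValue('locked_out') == 'true' }
//     : null;
//   var d = provisioningDecision(existing);
//   if (d.action === 'raise_incident') {
//     var inc = new GlideRecord('incident');
//     inc.initialize();
//     inc.setValue('short_description', 'Login attempt by ' + d.reason + ': ' + source.u_user_name);
//     inc.insert();
//     ignore = true;   // do not insert/update sys_user for this row
//   }
```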