Maintain users in Service Now

Nic Omaha
Tera Guru

‎03-31-2015 10:42 AM

We currently have Service Now synced with LDAP and utilize single sign on. One thing we have encountered is the list of users just keeps getting bigger and bigger since we currently do not sync with inactive users and mark them inactive in SN. What is everyone else s current practice with users and making inactive?

0 Helpfuls
  • 773 Views
2 REPLIES 2

Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

‎03-31-2015 11:01 AM

Hi Nicholas,



You may find the below thread as helpful.


Deactivate user when not found on the LDAP import


0 Helpfuls

d_cammack
Tera Guru

‎03-31-2015 11:05 AM

Hello Nicholas,


One thing I wanted to consider when users are 'inactivated', that their profiles are not immediately inactivated on ServiceNow, as that would make it difficult for support groups since their names would be blank on active records.   Since their account is inactive on LDAP, they will not be able to sign in to ServiceNow.  



What I have done is based on this article:   Detecting Disabled LDAP Records - ServiceNow Wiki



You can add a 'Last Refreshed' value on the user table and create a transform script to update this field each time a load is performed from LDAP.   The account will not refresh if it is inactive on LDAP, so you can then setup a scheduled job to lock accounts that have not been refreshed in x number of days.   (I think I have it set to 60 days)



Best regards,
David


0 Helpfuls