Prevent Experience Cloud login being deleted if Analytics login is still active

aliskink1

20-05-2020

It should not be possible to delete an Experience Cloud login that is linked to an analytics login, without FIRST deleting the Analytics login.  That would prevent the situation we currently have where users' Experience Cloud logins have been deleted - presumably by an admin elsewhere in the business - when they still require Analytics access.  The user then sees an error when they try to login, telling them their account is no longer linked to an EC login, and we have to re-add that user's Experience Cloud login.

Analytics experience cloud id Login User Management
3 Comments (3 New)
3 Comments

jkm-disco

20-05-2020

Hi @aliskink1 ,

 

This doesn't sound like an issue with Analytics, but rather for the Admin Console, which would probably best be addressed in the Adobe Experience Cloud sub-forum.

 

However, it sounds like your issue is more within your organization as versus the Admin Console given that the Admin Console is precisely where user management is meant to happen, and Adobe even labels the user management within Analytics as Legacy. You should probably find out why someone within your organization is removing these accounts if they are impacting your work.

aliskink1

20-05-2020

Hi @jkm-disco   
Unfortunately we're not able to identify the admin who is deleting users (large organisation & logs don't show such activity) - Adobe ClientCare agree it's an issue and suggested I raise this 'idea' specifically because they couldn't help us to identify the culprit.  It might not even be a 'real' person but could be the result of some bug deep in adobe admin; It's only happened to 3 users so far and we have very few admins able to delete users, and no reason at all that they would delete these particular users intentionally.
Experience Cloud support desk wouldn't even pick the ticket up, because it relates to analytics users, so I doubt they would help without involvement of Analytics team. 

Personally I think the problem stems from the somewhat cobbled-together 'link' between Analytics user admin and Experience Cloud user admin since we migrated to EC.

jkm-disco

20-05-2020

@aliskink1 ,

 

This could be happening at different levels of your org, ref.

And though it could still be a glitch on Adobe's side, there is a lot of opportunity for user error/misuse.

You will need to involve a system admin from your organization, as it really is their responsibility to get to the bottom of this issue. But they will need to take the following troubleshooting steps:

  1. Check if the affected account still exists within the Admin Console or if it was just permissions that are modified.
    1. If they still exist, it could be any admin from the user group level up who removed the permissions (you can rule out user group-level if the system admins are not giving access through groups).
    2. If the account is completely removed, it can only happen at the system admin level.
  2. Once it is clear the types of admins that may have been responsible (if human error), make sure the list of admins is correct. Your system admin should determine a way of reducing the number to as few as possible to prevent any outside influence (though in large organizations this number can be in the hundreds).
  3. The system admin can then check within Adobe I/O, console.adobe.com, whether there are any integrations that use the UM (User Management) API that could be impacting the Admin Console.
  4. If there are no UM API integrations then it is either an issue with one of the Admins on the list or possibly an Adobe glitch.
  5. Just as a way of preventing the activity within your organization, narrow down the admin list as much as possible by system admins, Analytics product admins, and the admins for the affected product profile. Contact these remaining users to see if anyone actively modifies the Admin Consle and for what reasons.
  6. If a user can't be attributed to this activity, the system admin can try temporarily suspending admins at different times to see if they can eliminate the undesired activity. If, after testing every admin or group of admins, this activity still continues, it probably isn't due to misuse.
  7. Then the system admins should contact the Adobe reps and let them know of the issue and that user influence has already been tested.