Hi we have a requirement to restrict the external users for 90 days, after that their user ids should be locked which can be further extended by super user with a predefined workflow, how can this be achieved?
we are using AEM 6.1, on Linux
Thanks
Sanat.
Solved! Go to Solution.
Views
Replies
Total Likes
Hi Sanat,
check the out: https://jackrabbit.apache.org/oak/docs/security/user/expiry.html
You could have a scheduled job to check for expired accounts and launch a workflow?
Regards,
Opkar
Views
Replies
Total Likes
Hi Sanat,
check the out: https://jackrabbit.apache.org/oak/docs/security/user/expiry.html
You could have a scheduled job to check for expired accounts and launch a workflow?
Regards,
Opkar
Views
Replies
Total Likes
Jörg Hoh wrote...
As Opkar already said, you can do this with features being part of the AEM stack. As your requirements are getting complex, I see this more as a job of an external identity provider (Active Directory or any other system), which are much more suited to handle requirements like yours.
@Opkar: As I understand, the expiration feature of Oak is targetting the general password expiration process, while Sanats wants it to happen only for some users ("external users"), which doesn't seem to be possible right now.
kind regards,
Jörg
Yes Jorg, you are true, we dont restrict internal users but for external users(whose id gets created in aem by some manual means) restrict the user from logging in instead of expiring the password, expiring password doesn't restrict user from changing it again and logging in.
Thanks,
Sanat.
Views
Replies
Total Likes
Hi Sanat,
Joerg is indeed correct, this feature would be set instance wide and all users would be treated the same. Unless you had custom code which reset the password expiry for external users, but you would need some way to identify external users.
Regards,
Opkar
Views
Replies
Total Likes
Opkar Gill wrote...
Hi Sanat,
Joerg is indeed correct, this feature would be set instance wide and all users would be treated the same. Unless you had custom code which reset the password expiry for external users, but you would need some way to identify external users.
Regards,
Opkar
we might not need instance wide rule, as idp provider has the policy control for internal users, but for external users idp can not control them is there a way can we set policy for external users out of box or by some kind of customization?
i even have the same question how do we identify external users vs internal users so that we can either run a scheduler to process the external user access.
Thanks
Sanat.
Views
Replies
Total Likes