SOLVED

How to restrict user access for a period of time?

Hi, we have a requirement to restrict external users for 90 days; after that, their user IDs should be locked, which can be further extended by a super user with a predefined workflow. How can this be achieved?

We are using AEM 6.1 on Linux.

 

Thanks

Sanat.

1 Accepted Solution

Correct answer by
Employee

Hi Sanat,

Check this out: https://jackrabbit.apache.org/oak/docs/security/user/expiry.html

You could have a scheduled job to check for expired accounts and launch a workflow?

Regards,

Opkar

4 Replies

Jörg Hoh wrote...

As Opkar already said, you can do this with features being part of the AEM stack. As your requirements are getting complex, I see this more as a job of an external identity provider (Active Directory or any other system), which are much more suited to handle requirements like yours.

@Opkar: As I understand, the expiration feature of Oak is targeting the general password expiration process, while Sanat wants it to happen only for some users ("external users"), which doesn't seem to be possible right now.

kind regards,
Jörg

 

Yes Jörg, you are right, we don't restrict internal users, but for external users (whose ID gets created in AEM by some manual means) restrict the user from logging in instead of expiring the password; expiring the password doesn't restrict the user from changing it again and logging in.

Thanks,

Sanat.

Employee

Hi Sanat,

Joerg is indeed correct: this feature would be set instance-wide and all users would be treated the same, unless you had custom code which reset the password expiry for external users, but you would need some way to identify external users.

Regards,

Opkar

Opkar Gill wrote...

Hi Sanat,

Joerg is indeed correct: this feature would be set instance-wide and all users would be treated the same, unless you had custom code which reset the password expiry for external users, but you would need some way to identify external users.

Regards,

Opkar

 

We might not need an instance-wide rule, as the IdP has policy control for internal users, but the IdP cannot control external users. Is there a way we can set a policy for external users out of the box or by some kind of customization?

I even have the same question: how do we identify external users vs. internal users so that we can run a scheduler to process the external user access?

Thanks

Sanat.
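
An added example, not part of the thread and not Adobe's or Oak's own code: one way the scheduled job suggested in the accepted answer could lock external accounts by disabling them instead of expiring their passwords. It assumes external users are members of a group named `external-users` and carry a hypothetical `accessExpires` date property (both names are assumptions), and that the caller supplies a session with user-administration rights.

```java
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Iterator;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;

/** Added example: disables external accounts whose access window has ended. */
public final class ExternalUserLockout {
    static final String EXTERNAL_GROUP = "external-users"; // assumption: group holding every external account
    static final String EXPIRY_PROP = "accessExpires";     // assumption: DATE property set on creation/extension
    static final int ACCESS_DAYS = 90;                      // the 90-day window from the question

    /** Call from a scheduled job; returns the IDs disabled in this run so the caller can start a workflow. */
    public static List<String> disableExpired(Session session, Calendar now) throws RepositoryException {
        UserManager um = ((JackrabbitSession) session).getUserManager();
        Authorizable group = um.getAuthorizable(EXTERNAL_GROUP);
        List<String> disabled = new ArrayList<String>();
        if (group == null || !group.isGroup()) {
            return disabled; // group missing: nothing is touched, the caller should log this
        }
        Iterator<Authorizable> members = ((Group) group).getMembers();
        while (members.hasNext()) {
            Authorizable a = members.next();
            if (a.isGroup()) continue;          // nested groups are expanded by getMembers()
            User user = (User) a;
            if (user.isDisabled()) continue;    // already locked
            Value[] expiry = user.getProperty(EXPIRY_PROP);
            if (expiry == null || expiry.length == 0) {
                // No date recorded yet: start the 90-day clock now instead of leaving access open-ended.
                Calendar end = (Calendar) now.clone();
                end.add(Calendar.DAY_OF_YEAR, ACCESS_DAYS);
                user.setProperty(EXPIRY_PROP, session.getValueFactory().createValue(end));
            } else if (!expiry[0].getDate().after(now)) {
                user.disable("External access period ended; extension requires approval");
                disabled.add(user.getID());
            }
        }
        if (session.hasPendingChanges()) session.save();
        return disabled;
    }
}
```

An extension step in the approval workflow would set a new `accessExpires` value and call `user.disable(null)`, which re-enables the account.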