LDAP Import - Account Disabled

[Martyn Houghton]

We currently use single sign on via ADFS and LDAP Import to manage our authentication process into Hornbill.

At the moment users will be stopped from logging in to Hornbill when there AD account is disabled, but if the user already has a connection open to Hornbill prior to the account being disabled they are able to continue to use the system.

Is it currently possible via the LDAP Importer to update the Hornbill User's status to suspended based on the AD Disabled attribute and secondly if a Hornbill account is suspended when a user is logged in do they get logged out?

Cheers

Martyn

[TrevorKillick]

@Martyn Houghton

As part of the UserAccountStatus configuration the status can be (active | suspended | archived ) so you can set the Hornbill Accounts to suspended based on an AD flag, this is typically done using a separate configuration of import that is set to update only and search LDAP for disabled users. 

Currently the active session is not expired automatically and would need to time out.

Kind Regards

Trevor Killick

[Martyn Houghton]

@TrevorKillick

Thanks. So the session would have to time out based on the setting 'communications.sessionIdleTimeout' before the suspension would become active, however this will trigger a login via adfs SSO which would also stop the login at that point.

Does the same apply to mobile app connections? When will the suspension of the accounts trigger the mobile app to no longer connect?

Cheers

Martyn

[TrevorKillick]

@Martyn Houghton

Thats correct, i will check with out Mobile App Developers it uses a different mechanism for authentication so i just need to confirm the behaviour for timeout and suspended accounts.

Kind Regards

Trevor Killick