Enabling Active/Inactive Profile Checks with LDAP

As users join and leave an organization, credentials need to be provisioned and deprovisioned.  Turbot supports user synchronization with LDAP directories.  Periodically, Turbot will query LDAP to get a list of active users and group membership.  By default, Turbot does not deactivate profiles unless the below policies are set to something above 'Skip'.

  • Turbot:Directory:ProfileActiveDirectoryUserEnabled = Force inactive if directory user is not enabled
  • Turbot:Directory:ProfileActiveStatus= Active if profile is active
  • Turbot:Directory:ProfileActive = <Customers will need to work out an acceptable value for their environment>
Was this article helpful?
0 out of 0 found this helpful