
grouper-users - [grouper-users] deprovisioning with a grace period

Subject: Grouper Users - Open Discussion List

  • From: "Lomax, Erica" <>
  • To: "" <>
  • Subject: [grouper-users] deprovisioning with a grace period
  • Date: Thu, 25 May 2017 18:17:41 +0000

We currently are working on how to deprovision users from Box. Unlike
services where we just cut off access when eligibility ends, we want to allow
a grace period to allow users to retrieve content. During that grace period,
we want to send warnings about the loss of access on a specified schedule
(30d, 14d, etc). After the grace period, the account would remain in Box in
a deactivated state for 90d prior to deletion.

At a high level, our group for Box eligibility rolls up as follows:
(Employee eligibility calculation group + Student eligibility calculation
group + Associate eligibility calculation group + ad hoc adds group) -
excludes group. We automatically provision employee accounts in Box via API;
students and associates and ad hocs provision on demand via SAML. On loss of
all eligibility, you may or may not have a Box account.

Trying to drive this deprovisioning logic out of Grouper is proving very
challenging, but maybe we're overcomplicating it. Before we make our final
plans, can anyone offer advice on how they've solved similar issues or have
solutions we could review?

Erica Lomax
Director, Identity & Infrastructure
Information Services | Oregon State University | 541-737-3619
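
The lifecycle described in the message above, written out as an added example (not code from the poster or from Grouper). It assumes a 30-day grace period, which the message does not state; the 30d/14d warnings and the 90-day deactivated period come from the message, and all function and state names are hypothetical.

```python
from datetime import date, timedelta

GRACE_DAYS = 30               # assumption: the message gives no grace length
WARN_DAYS_BEFORE = (30, 14)   # from the message: warnings at "30d, 14d, etc"
DEACTIVATED_DAYS = 90         # from the message: deactivated 90d before deletion


def eligible(employee, student, associate, adhoc, excludes):
    """(employee + student + associate + ad hoc) - excludes, as sets of ids."""
    return (employee | student | associate | adhoc) - excludes


def box_state(subject, eligible_set, lost_on, today, has_account=True):
    """Return (state, warning_days) for one subject on a given day.

    lost_on is the date the subject dropped out of the composite group.
    warning_days is 30 or 14 on the days a notice is due, otherwise None.
    """
    if subject in eligible_set:
        # Eligibility came back (or never ended): cancel any pending removal.
        return ("active", None)
    if not has_account:
        # SAML on-demand users may never have logged in to Box.
        return ("no_account", None)
    access_ends = lost_on + timedelta(days=GRACE_DAYS)
    delete_on = access_ends + timedelta(days=DEACTIVATED_DAYS)
    if today >= delete_on:
        return ("delete", None)
    if today >= access_ends:
        return ("deactivated", None)
    days_left = (access_ends - today).days
    return ("grace", days_left if days_left in WARN_DAYS_BEFORE else None)


if __name__ == "__main__":
    # Constructed sample data: "bob" lost all eligibility on 2017-06-01.
    members = eligible({"alice"}, {"carol"}, set(), {"dave"}, {"dave"})
    lost = date(2017, 6, 1)
    for offset in (0, 16, 20, 30, 119, 120):
        day = lost + timedelta(days=offset)
        print(day, box_state("bob", members, lost, day))
```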
