Manage scanning tasks using the IDM admin UI
The task scanner queries a set of managed objects, then executes a script on the objects returned in the query result. The scanner then sets a field on a specific managed object property to indicate the state of the task. Before you start, you must set up this object type property on the managed user object.
In the example that follows, the task scanner queries managed user objects and returns objects whose sunset property holds a date that is prior to the current date. The scanner then sets the state of the task in the task-completed field of the user's sunset property.
- To access the IDM admin UI from the IDM console, click Native Consoles > Identity Management > Configure > Schedules > Add Schedule.
- Enable the schedule, and set the times that the task should run.
- Under Perform Action, select Execute a script on objects returned by a query (Task Scanner).
- Select the managed object on which the query should be run; in this case, user.
- Build the query that will be run against the managed user objects.
  The following query returns all managed users whose sunset date is prior to the current date (${Time.now}) and for whom the sunset task has not already completed (/sunset/task-completed pr):
      ((/sunset/date lt \"${Time.now}\") AND !(/sunset/task-completed pr))
- In the Object Property Field, enter the property whose values will determine the state of the task; in this case, sunset.
- In the Script field, enter an inline script.
  The sample task scanner runs the following script on the managed users returned by the previous query:
      // objectID is the ID of the managed user currently being processed by the scanner.
      var patch = [
          { "operation" : "replace", "field" : "/active", "value" : false },
          { "operation" : "replace", "field" : "/accountStatus", "value" : "inactive" }
      ];
      openidm.patch(objectID, null, patch);
  This script essentially deactivates the accounts of users returned by the query by setting the value of their active property to false and their accountStatus property to inactive.
- Configure the advanced properties of the schedule as described in Configure Schedules.
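Because the script deactivates every account the query returns, it helps to check the query and script against sample data before enabling the schedule. The following is an added example, not code from IDM or its documentation: the users map, the openidm stand-in, and the functions matchesQuery, sunsetTask and runScan are hypothetical, the sample users are constructed, and dates are assumed to be ISO 8601 UTC strings.

```javascript
// Constructed sample data, not real accounts. Dates are ISO 8601 UTC strings,
// so plain string comparison orders them chronologically (assumption).
const users = {
  u1: { active: true, accountStatus: "active", sunset: { date: "2020-01-01T00:00:00.000Z" } },
  u2: { active: true, accountStatus: "active", sunset: { date: "2999-01-01T00:00:00.000Z" } },
  u3: { active: false, accountStatus: "inactive",
        sunset: { date: "2020-01-01T00:00:00.000Z", "task-completed": "2020-01-02T00:00:00.000Z" } },
  u4: { active: true, accountStatus: "active" } // no sunset property at all
};

// Local stand-in for the openidm object (assumption): it only supports
// "replace" operations on top-level fields of the sample users.
const openidm = {
  patch(id, rev, ops) {
    for (const op of ops) {
      if (op.operation !== "replace") throw new Error("unsupported op: " + op.operation);
      users[id][op.field.slice(1)] = op.value;
    }
  }
};

// Models ((/sunset/date lt "${Time.now}") AND !(/sunset/task-completed pr)).
function matchesQuery(user, now) {
  const sunset = user.sunset;
  // A user without a sunset date is treated here as not matching the lt clause.
  if (!sunset || typeof sunset.date !== "string") return false;
  const completedPresent = sunset["task-completed"] != null; // pr = "is present"
  return sunset.date < now && !completedPresent;
}

// The page's inline script, wrapped in a function so it can run per object.
function sunsetTask(objectID) {
  var patch = [{ "operation" : "replace", "field" : "/active", "value" : false },
               { "operation" : "replace", "field" : "/accountStatus", "value" : "inactive" }];
  openidm.patch(objectID, null, patch);
}

// One scanner pass: query, run the script, then record completion in sunset.
function runScan(now) {
  const processed = [];
  for (const [id, user] of Object.entries(users)) {
    if (!matchesQuery(user, now)) continue;
    sunsetTask(id);
    user.sunset["task-completed"] = now;
    processed.push(id);
  }
  return processed;
}
```

Calling runScan twice with the same timestamp shows why the task-completed clause matters: the second pass returns an empty list, so already-processed users are not patched again.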