Date: Fri, 29 Mar 2024 12:39:27 +0000 (UTC) Message-ID: <739224781.7955.1711715967068@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7954_2063043120.1711715967067" ------=_Part_7954_2063043120.1711715967067 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
COmanage Registry supports validity dates in various contexts.
Each CO Person Role record may have valid from and valid through dates a= ttached. These dates may be collected manually, via an Enrollment Flow, or vi= a a Pipeline.
CO Person Role validity dates can be used in Expiration Policies, and are also used to set CO Person and = Person Role Status. Provisioners will not see CO Person Role records with invalid dat= es, regardless of the role status.
As of Registry v2.0.0, Organizational Identities may have valid from and= valid through dates attached. These are primarily intended for Organizational Identity = Sources to convey validity information about their records (the dates c= an be synced to a CO Person Role record via a Pipeline), though these dates may also be collected= manually.
Organizational Identities with invalid dates may not be used to login to= Registry, even if a valid login identifier is otherwise attached. Provisioners = ;will not see Organizational Identity records with invalid dates (for the l= imited set of Organizational Identity data that provisioners are permitted = to see).
As of Registry v3.2.0, CO Group Memberships may have valid from and vali= d through dates attached. These may be manually populated, or synced via&nb= sp;Organizati= onal Identity Sources. CO Group Memberships outside of the specified va= lidity dates will not be provisioned or usable for Registry authorization.<= /p>
To manually configure validity dates for a CO Group Membership, navigate= using one of these paths:
When a CO Group Member valid from or valid through date takes effect, th= e record must be reprovisioned for the associated changes to be propagated = downstream. This is done via the Registry Job Shell. When executed, the job will reprovision= any record associated with a CO Group Membership whose valid from or valid= through date is within the last x minutes,= where x is set via the CO Setting Group Validity Sync Window. The default value for this setting is 1440 minutes (or 1 day), and so t= ypically it would make sense to run this task once per day, perhaps just af= ter midnight. However, it may make sense to run this task more frequently, = depending on how your deployment uses these dates.
groupvalidity
task must=
be configured to run periodically via cron.