Orphan management

Identities with multiple accounts within OpenIAM will have a common attribute that links them together, such as the email address or the sAMAccountName from Active Directory. However, there may be instances when a user account that is synchronized from a managed system lacks this common attribute. We refer to these accounts as orphaned accounts.
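
The correlation described above, sketched as an added example (this is not OpenIAM code and does not use its API): accounts are matched to identities on email or sAMAccountName, and an account with no matching link attribute is reported as an orphan. The record field names `id` and `login`, the "ambiguous" verdict for conflicting matches, and all sample data are assumptions constructed for illustration.

```python
# Added illustration, not OpenIAM code. Field names and records are constructed.
from collections import defaultdict

LINK_ATTRS = ("email", "sAMAccountName")  # common attributes named in the text

def link_keys(record):
    """(attribute, normalized value) pairs for the non-empty link attributes."""
    pairs = ((a, (record.get(a) or "").strip().lower()) for a in LINK_ATTRS)
    return {p for p in pairs if p[1]}

def classify(accounts, identities):
    """Map account login -> ("linked", id), ("ambiguous", ids) or ("orphan", None)."""
    index = defaultdict(set)  # link key -> ids of identities carrying it
    for ident in identities:
        for key in link_keys(ident):
            index[key].add(ident["id"])
    result = {}
    for acct in accounts:
        # Union of every identity reachable through any link attribute.
        matches = set().union(*(index.get(k, set()) for k in link_keys(acct)))
        if len(matches) == 1:
            result[acct["login"]] = ("linked", next(iter(matches)))
        elif matches:
            # Attributes point at different identities: needs manual review.
            result[acct["login"]] = ("ambiguous", sorted(matches))
        else:
            # No usable common attribute, or no identity carries it.
            result[acct["login"]] = ("orphan", None)
    return result

IDENTITIES = [
    {"id": "u1", "email": "Alice.Ng@example.com", "sAMAccountName": "ang"},
    {"id": "u2", "email": "bob.ray@example.com", "sAMAccountName": "bray"},
]
ACCOUNTS = [
    {"login": "ang@ldap", "email": "alice.ng@example.com "},
    {"login": "svc-backup", "email": None, "sAMAccountName": ""},
    {"login": "bray2", "email": "alice.ng@example.com", "sAMAccountName": "BRAY"},
]

if __name__ == "__main__":
    for login, verdict in classify(ACCOUNTS, IDENTITIES).items():
        print(login, verdict)
```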

OpenIAM's Orphan Management feature allows admins to locate orphaned accounts and either link them to the user identity, or remove them. The section below outlines the management of orphaned accounts.

From the top menu, choose User Administration, and then select Orphan Management as shown below.

Orphan Management Menu

  1. The Orphan Management screen opens next. It walks you through three steps.

Orphan Management Step One

Within step one, you will see a listing of the orphaned accounts. The default view shows all available accounts, but you can filter these based on the following criteria:

  • Orphan managed system: Show orphaned accounts according to the selected managed system from the drop-down menu.
  • Orphaned identity: Filter according to the identity name entered in the text field.
  • First name: Show accounts according to the first name entered in the text field.
  • Last name: Show accounts that have the last name entered in the text field.
  • Email address: Display orphaned accounts with the email address entered in the text field.
  • EmployeeId: Display orphaned accounts with the employee ID entered in the text field.
  • Create date: Show accounts created on the chosen calendar date.

After selecting an orphaned account by checking the corresponding box on the right-hand side, you can do the following:

  • Delete selected from IDM: This removes the account from OpenIAM.
  • Delete selected from managed system: This option removes the account from the corresponding managed system.
  • Create new user from orphan: If the user does not exist within OpenIAM, you may select this option to create a new identity from the selected orphaned account.

  2. Additionally, we can link the orphaned account to an existing identity.

Orphan Management Step Two

From the drop-down menu, search for the existing user to link to the orphaned account.

  3. Once the identity is found, click Update identities to link the account.

Orphan Management Step Three