Orphan management

Identities with multiple accounts within OpenIAM will have a common attribute that links them together, such as the email address or the sAMAccountName from Active Directory. However, a user account that is synchronized from a managed system may lack this common attribute. We refer to these accounts as orphaned accounts.
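
The linking rule described above, as an added example that is not OpenIAM's own code: it correlates synchronized accounts to identities on email address and sAMAccountName and reports the accounts that match nothing. The record layout, the sample data and the "ambiguous" outcome (the two attributes point at different identities) are assumptions made for illustration.

```python
# Added illustration, not OpenIAM code. Field names and records are constructed.
LINK_ATTRIBUTES = ("email", "sAMAccountName")  # linking attributes named on the page

IDENTITIES = [  # constructed identities
    {"id": "U1001", "email": "alice.ng@example.com", "sAMAccountName": "ang"},
    {"id": "U1002", "email": "bob.ruiz@example.com", "sAMAccountName": "bruiz"},
]
ACCOUNTS = [  # constructed accounts synchronized from managed systems
    {"principal": "ang", "system": "AD", "email": " Alice.Ng@Example.com", "sAMAccountName": "ang"},
    {"principal": "svc_backup", "system": "LINUX", "email": None, "sAMAccountName": ""},
    {"principal": "jdoe", "system": "AD", "email": "jdoe@example.com", "sAMAccountName": "jdoe"},
    {"principal": "bruiz2", "system": "AD", "email": "bob.ruiz@example.com", "sAMAccountName": "ang"},
]

def norm(value):
    """Case-fold and trim; empty or missing values never match anything."""
    if not isinstance(value, str) or not value.strip():
        return None
    return value.strip().lower()

def build_index(identities):
    """Map (attribute, normalized value) to the set of identity ids holding it."""
    index = {}
    for ident in identities:
        for attr in LINK_ATTRIBUTES:
            value = norm(ident.get(attr))
            if value:
                index.setdefault((attr, value), set()).add(ident["id"])
    return index

def classify(accounts, identities):
    """Return {(system, principal): (status, match)}; status is linked, orphan or ambiguous."""
    index = build_index(identities)
    result = {}
    for acct in accounts:
        key = (acct["system"], acct["principal"])
        matches = set()
        for attr in LINK_ATTRIBUTES:
            value = norm(acct.get(attr))
            if value:
                matches |= index.get((attr, value), set())
        if not matches:
            result[key] = ("orphan", None)
        elif len(matches) == 1:
            result[key] = ("linked", matches.pop())
        else:  # attributes point at different identities: leave for manual review
            result[key] = ("ambiguous", sorted(matches))
    return result

if __name__ == "__main__":
    for key, outcome in classify(ACCOUNTS, IDENTITIES).items():
        print(key, outcome)
```

Service accounts with no email and accounts whose attributes disagree are the cases worth reviewing by hand before choosing between linking and deletion.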

OpenIAM's Orphan Management feature allows admins to locate orphaned accounts and either link them to the user identity, or remove them. The section below outlines the management of orphaned accounts.

  1. Sign in to the webconsole.
  2. From the top menu, select User Admin > Orphan Management to see a listing of all orphaned accounts.
    You may filter the listing based on the following criteria:
  • Orphaned managed system. The managed system the orphaned account belongs to.
  • Orphaned identity. The principal name of the orphaned account.
  • First name. The first name of the orphaned account.
  • Last name. The last name of the orphaned account.
  • Email address. The email address of the orphaned account.
  • EmployeeId. The employee ID of the orphaned account.
  • Create date. The date the orphaned account was created.
  3. Choose the orphaned accounts you wish to take action on and select one of the following:
  • Delete selected from IDM. This deletes the orphaned account from OpenIAM.
  • Delete selected from managed system. This deletes the orphaned account from the corresponding managed system.
  • Create new user from orphan. This creates a new identity from the selected orphaned account.

Map orphaned account to existing identity

  1. Choose the orphaned account you wish to map from the listing.
  2. Choose the identity you wish to map the orphaned account to.
  3. Select Update identities.