OCI Identity Cloud Service (IDCS) - Consequences of Disabling Provisioning for a Fusion Application in IDCS
(Doc ID 2901380.1)
Last updated on JUNE 26, 2024
Applies to:
Identity Cloud Service (IDCS) - Version N/A to N/AInformation in this document applies to any platform.
Goal
Let’s say we have two fusion applications called A and B.
For one Fusion Application A has been configured the provisioning, using Fusion as the source of accounts, with authoritative sync enabled.
Accounts were allowed to synchronize and were granted access to the Fusion application automatically by the provisioning process.
After creating another Fusion Application, B, the provisioning for the A has been disabled and set it to B.
Once this has been done:
- creating or deleting grants to users in the UI of the application A is not possible anymore
- it is possible to delete the grants using REST API calls. To remove the Grants for a user, please refer to the following REST API: Delete /admin/v1/Grants/{id}
For additional details on how to remove user grants, please refer to Remove a Grantee from an AppRole.
Using REST API call it can be seen that the Fusion Apps A and B have the synchronization enabled.
REST API that can be referred to is: Get /admin/v1/Apps/{id}. The following Get an APP can be used for reference.
For application A:
- ApplicationA: <APP_ID>
- "enableSync": true
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |