Type that defines activation properties. Determines whether something is active (and working) or inactive (e.g. disabled).
It applies to several object types, such as user, account, assignment, etc. The data in this type define whether the described concept is active, from when it is active and until when. "Active" means that it works. If something is not active, it should not work or cause any effect. E.g. an inactive user should not be able to log in or run any tasks; a non-active role should not be assigned, and if assigned it should not be taken into account when computing the accounts.
Name | Type | Multiplicity | Description |
---|---|---|---|
administrativeStatus | property ActivationStatusType | [0,1] | This defines the "administrative state", i.e. the administrator's decision. |
effectiveStatus | property ActivationStatusType | [0,1] | This defines the "effective state", i.e. the result of combining several activation settings (administrative status, validity dates, etc.). |
validFrom | property dateTime | [0,1] | A date from which the object should be considered active. |
validTo | property dateTime | [0,1] | A date to which the object should be considered active. |
validityStatus | property TimeIntervalStatusType | [0,1] | This property holds the result of validity period computation with respect to the current date and time. |
disableReason | property anyURI | [0,1] | URL that identifies a reason for disable. |
disableTimestamp | property dateTime | [0,1] | Timestamp of last modification of the activation status to the disabled state. |
enableTimestamp | property dateTime | [0,1] | Timestamp of last modification of the activation status to the enabled state. |
archiveTimestamp | property dateTime | [0,1] | Timestamp of last modification of the activation status to the archived state. |
validityChangeTimestamp | property dateTime | [0,1] | Timestamp of last modification of the effective validity state, i.e. last time the validity state was recomputed with a result that was different from the previous recomputation. |
lockoutStatus | property LockoutStatusType | [0,1] | This defines the state of user or account lock-out. |
lockoutExpirationTimestamp | property dateTime | [0,1] | Timestamp of a moment when account lockout expires and the account will be normally usable again. |
administrativeStatus
Flags: RAM,runtime,AVals:3
Multiplicity: [0,1]
This defines the "administrative state", i.e. the administrator's decision.
If set, this property overrides any other constraints in the activation type.
E.g. if this is set to "enabled" and the object is not yet valid (according to
validFrom below), the user should be considered active. If set to "disabled" the
user should be considered inactive regardless of other settings.
Therefore this property does NOT define an actual state of
the object. It is a kind of "manual override".
If this property is not present then the other constraints in the activation type
should be considered.
If the administrative status is not present and there are no other constraints in
the activation type or if there is no activation type at all then the object is
assumed to be "enabled", i.e. that the described concept is active.
effectiveStatus
Flags: RAM,runtime,oper,AVals:3
Multiplicity: [0,1]
This defines the "effective state", i.e. the result of combining several
activation settings (administrative status, validity dates, etc.).
This holds the result of a computation, therefore it is a kind of VIRTUAL property
that is recomputed every time. It SHOULD NOT be set directly; rather, it should be
computed from the values of other activation properties. Therefore it is considered
READ ONLY for the high-level code. It may be stored in the repository but in that
case it has only an informational value (the effective activation status at the time
the object was last updated).
If this property is not present then the computation has not taken place yet.
validFrom
Flags: RAM,runtime
Multiplicity: [0,1]
A date from which the object should be considered active.
Not applied if the "enabled" flag is set to any value.
validTo
Flags: RAM,runtime
Multiplicity: [0,1]
A date to which the object should be considered active.
Not applied if the "enabled" flag is set to any value.
validityStatus
Flags: RAM,runtime,AVals:3
Multiplicity: [0,1]
This property holds the result of validity period computation with respect to the current
date and time. E.g. it specifies whether the entity is before the validity period,
in the validity period or after the validity period.
This holds the result of a computation, therefore it is a kind of VIRTUAL property
that is recomputed every time. It SHOULD NOT be set directly; rather, it should be
computed from the values of validity timestamps and current time. Therefore it is considered
READ ONLY for the high-level code. It may be stored in the repository but in that
case it has only an informational value (the effective activation status at the time
the object was last updated).
If this property is not present then the computation has not taken place yet.
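The override and validity rules described above, as an added Python sketch (not midPoint's own code). Lower-case status strings, the boundary handling of the validity period and the mapping of an out-of-period object to "disabled" are assumptions; the last function flags a stored effectiveStatus that has drifted from a fresh computation, which is why access decisions should rely on the recomputed value.

```python
from datetime import datetime, timezone

def validity_status(valid_from, valid_to, now):
    """Return 'before', 'in' or 'after'; None when no validity dates are set."""
    if valid_from is None and valid_to is None:
        return None
    if valid_from is not None and now < valid_from:
        return "before"
    if valid_to is not None and now > valid_to:   # boundary handling is an assumption
        return "after"
    return "in"

def effective_status(activation, now):
    """Recompute the effective status from the other activation properties."""
    if not activation:                  # no activation data at all -> enabled
        return "enabled"
    admin = activation.get("administrativeStatus")
    if admin is not None:               # manual override beats validity dates
        return admin
    validity = validity_status(activation.get("validFrom"),
                               activation.get("validTo"), now)
    # Assumption: being outside the validity period maps to "disabled".
    return "enabled" if validity in (None, "in") else "disabled"

def stale_effective_status(activation, now):
    """True when a stored effectiveStatus disagrees with a fresh computation."""
    stored = (activation or {}).get("effectiveStatus")
    return stored is not None and stored != effective_status(activation, now)

UTC = timezone.utc
NOW = datetime(2024, 6, 1, tzinfo=UTC)  # constructed "current time"
SAMPLES = {                             # constructed activation records
    "expired_contractor": {"validTo": datetime(2024, 5, 31, tzinfo=UTC),
                           "effectiveStatus": "enabled"},
    "early_override": {"administrativeStatus": "enabled",
                       "validFrom": datetime(2025, 1, 1, tzinfo=UTC)},
    "admin_disabled": {"administrativeStatus": "disabled",
                       "validFrom": datetime(2024, 1, 1, tzinfo=UTC),
                       "validTo": datetime(2024, 12, 31, tzinfo=UTC)},
    "no_constraints": {},
}

if __name__ == "__main__":
    for name, act in SAMPLES.items():
        print(name, effective_status(act, NOW), stale_effective_status(act, NOW))
```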
disableReason
Flags: RAM,runtime,oper
Multiplicity: [0,1]
URL that identifies a reason for disable. This may be an indication that the identity
was disabled explicitly, that the disable status was computed or other source of the
disabled event.
disableTimestamp
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Timestamp of last modification of the activation status to the disabled state.
Note: This timestamp is used for recording purposes. Changing it will NOT change
the activation state.
enableTimestamp
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Timestamp of last modification of the activation status to the enabled state.
Note: This timestamp is used for recording purposes. Changing it will NOT change
the activation state.
archiveTimestamp
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Timestamp of last modification of the activation status to the archived state.
Note: This timestamp is used for recording purposes. Changing it will NOT change
the activation state.
validityChangeTimestamp
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Timestamp of last modification of the effective validity state, i.e. last time the validity
state was recomputed with a result that was different from the previous recomputation. It is
used to avoid repeated validity change deltas.
Note: This timestamp is used for recording purposes. Changing it will NOT change
the activation state.
lockoutStatus
Flags: RAM,runtime,AVals:2
Multiplicity: [0,1]
This defines the state of user or account lock-out. Lock-out means that the account
was temporarily disabled due to failed login attempts or a similar abuse attempt.
This value is usually set by the resource (or midPoint internal authentication code).
It is unlikely that it can be set to the "locked" value. However, it usually can be used
to unlock the account by setting this property to the "normal" value.
lockoutExpirationTimestamp
Flags: RAM,runtime
Multiplicity: [0,1]