Type that defines activation properties. Determines whether something is active (and working) or inactive (e.g. disabled).
It applies to several object types, e.g. user, account, assignment, etc. The data in this type define whether the described concept is active, from when it is active and until when. "Active" means that it works. If something is not active, it should not work or cause any effect. E.g. an inactive user should not be able to log in or run any tasks; a non-active role should not be assigned and, if assigned, it should not be taken into account when computing the accounts.
Name | Type | Multiplicity | Description |
---|---|---|---|
administrativeStatus | property ActivationStatusType | [0,1] | This defines the "administrative state", i.e. the administrator's decision. |
effectiveStatus | property ActivationStatusType | [0,1] | This defines the "effective state", i.e. the result of combining several activation settings (administrative status, validity dates, etc.). |
validFrom | property dateTime | [0,1] | A date from which the object should be considered active. |
validTo | property dateTime | [0,1] | A date to which the object should be considered active. |
validityStatus | property TimeIntervalStatusType | [0,1] | This property holds the result of validity period computation with respect to the current date and time. |
disableReason | property anyURI | [0,1] | URL that identifies a reason for disable. |
disableTimestamp | property dateTime | [0,1] | Timestamp of last modification of the activation status to the disabled state. |
enableTimestamp | property dateTime | [0,1] | Timestamp of last modification of the activation status to the enabled state. |
archiveTimestamp | property dateTime | [0,1] | Timestamp of last modification of the activation status to the archived state. |
validityChangeTimestamp | property dateTime | [0,1] | Timestamp of last modification of the effective validity state, i.e. last time the validity state was recomputed with result that was different than the previous recomputation. |
lockoutStatus | property LockoutStatusType | [0,1] | This defines the state of user or account lock-out. |
lockoutExpirationTimestamp | property dateTime | [0,1] | Timestamp of a moment when account lockout expires and the account will be normally usable again. |
administrativeStatus
Flags: RAM,runtime,AVals:3
Multiplicity: [0,1]
This defines the "administrative state", i.e. the administrator's decision. If set, this property overrides any other constraints in the activation type. E.g. if this is set to "enabled" and the object is not yet valid (according to validFrom below), the user should be considered active. If set to "disabled" the user should be considered inactive regardless of other settings.
Therefore this property does NOT define an actual state of the object. It is a kind of "manual override".
If this property is not present then the other constraints in the activation type should be considered.
If the administrative status is not present and there are no other constraints in the activation type or if there is no activation type at all then the object is assumed to be "enabled", i.e. that the described concept is active.
effectiveStatus
Flags: RAM,runtime,oper,AVals:3
Multiplicity: [0,1]
This defines the "effective state", i.e. the result of combining several activation settings (administrative status, validity dates, etc.).
This holds the result of a computation, therefore it is a kind of VIRTUAL property that is recomputed every time. It SHOULD NOT be set directly; rather, it should be computed from the values of other activation properties. Therefore it is considered READ ONLY for the high-level code. It may be stored in the repository, but in that case it has only an informational value (the effective activation status at the time the object was last updated).
If this property is not present then the computation has not taken place yet.
validFrom
Flags: RAM,runtime
Multiplicity: [0,1]
A date from which the object should be considered active. Not applied if the "enabled" flag is set to any value.
validTo
Flags: RAM,runtime
Multiplicity: [0,1]
A date to which the object should be considered active. Not applied if the "enabled" flag is set to any value.
validityStatus
Flags: RAM,runtime,oper,AVals:3
Multiplicity: [0,1]
This property holds the result of validity period computation with respect to the current date and time. E.g. it specifies whether the entity is before the validity period, in the validity period or after the validity period.
This holds the result of a computation, therefore it is a kind of VIRTUAL property that is recomputed every time. It SHOULD NOT be set directly; rather, it should be computed from the values of validity timestamps and current time. Therefore it is considered READ ONLY for the high-level code. It may be stored in the repository, but in that case it has only an informational value (the effective activation status at the time the object was last updated).
If this property is not present then the computation has not taken place yet.
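The precedence rules described above (administrative override first, then the validity period, otherwise "enabled"), as an added example that is not midPoint's own code. It recomputes the effective state and flags objects whose stored effectiveStatus has gone stale. The function names, the lowercase status strings, the inclusive validity bounds and the mapping of "outside the validity period" to "disabled" are assumptions of this sketch.

```python
from datetime import datetime, timezone

def validity_status(valid_from, valid_to, now):
    """'before', 'in' or 'after'; None when no validity dates are set (assumption)."""
    if valid_from is None and valid_to is None:
        return None
    if valid_from is not None and now < valid_from:
        return "before"
    if valid_to is not None and now > valid_to:
        return "after"
    return "in"  # assumption: both bounds are inclusive

def effective_status(activation, now):
    """Recompute the effective state; never read it from the stored object."""
    if not activation:                      # no activation type or no constraints
        return "enabled"
    admin = activation.get("administrativeStatus")
    if admin is not None:                   # manual override beats validity dates
        return admin
    validity = validity_status(activation.get("validFrom"),
                               activation.get("validTo"), now)
    # Assumption: "inactive" outside the validity period is reported as "disabled".
    return "enabled" if validity in (None, "in") else "disabled"

def stale_effective_status(objects, now):
    """Names of objects whose stored effectiveStatus no longer matches."""
    stale = []
    for obj in objects:
        act = obj.get("activation") or {}
        stored = act.get("effectiveStatus")
        if stored is not None and stored != effective_status(act, now):
            stale.append(obj["name"])
    return stale

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

NOW = utc(2024, 6, 1)
# Constructed sample objects (not real midPoint exports).
SAMPLE = [
    {"name": "contractor", "activation": {
        "validTo": utc(2024, 5, 1), "effectiveStatus": "enabled"}},
    {"name": "early-start", "activation": {
        "administrativeStatus": "enabled", "validFrom": utc(2024, 9, 1),
        "effectiveStatus": "enabled"}},
    {"name": "plain"},
]
```

The "contractor" entry is the case worth auditing for: its validity period has ended, but the stored informational value still reads "enabled".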
disableReason
Flags: RAM,runtime,oper
Multiplicity: [0,1]
URL that identifies a reason for disable. This may be an indication that the identity was disabled explicitly, that the disable status was computed, or of another source of the disabled event.
disableTimestamp
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Timestamp of last modification of the activation status to the disabled state. Note: This timestamp is used for recording purposes. Changing it will NOT change the activation state.
enableTimestamp
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Timestamp of last modification of the activation status to the enabled state. Note: This timestamp is used for recording purposes. Changing it will NOT change the activation state.
archiveTimestamp
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Timestamp of last modification of the activation status to the archived state. Note: This timestamp is used for recording purposes. Changing it will NOT change the activation state.
validityChangeTimestamp
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Timestamp of last modification of the effective validity state, i.e. the last time the validity state was recomputed with a result that was different from the previous recomputation. It is used to avoid repeated validity change deltas. Note: This timestamp is used for recording purposes. Changing it will NOT change the activation state.
lockoutStatus
Flags: RAM,runtime,AVals:2
Multiplicity: [0,1]
This defines the state of user or account lock-out. Lock-out means that the account was temporarily disabled due to failed login attempts or a similar abuse attempt.
This value is usually set by the resource (or midPoint internal authentication code). It is unlikely that it can be set to the "locked" value. However, it can usually be used to unlock the account by setting this property to the "normal" value.
lockoutExpirationTimestamp
Flags: RAM,runtime
Multiplicity: [0,1]