Automatically Exclude Disable Accounts from Roles

Automatically Exclude Disabled Accounts from Roles

Organizations have to manage very large groups of identities such as "all students at high school X" or "all students in grade Y" and the size of these groups is artificially increased when disabled users are included, making it difficult for an administrator to manage and the system to synchronize with partner applications.

These groups, known in RapidIdentity as “Roles," constitute a set of users that hold a set of privileges in the system (e.g. application access, etc.). Understanding who actually has access to those role-based privileges is far easier for an administrator without, for example, graduated students or former staff members in those membership lists. In addition, every one of those identities needs to be synchronized with the other systems in the customer’s echo system such as Active Directory, and the longer the list, the longer it takes to synchronize.

With this feature enhancement, Tenant Administrators can configure Roles in RapidIdentity to automatically “Exclude Disabled Accounts” from membership. This alleviates the need for administrators to manually remove these disabled accounts while still benefiting from more manageable group lists and avoids having to sift through lists of erroneous disabled accounts when performing role related actions. In addition, RapidIdentity itself will be able to process and synchronize these smaller groups much more efficiently, thus providing reduced synchronization times and improving overall system performance.

Exclude Disabled Accounts only applies to accounts that are added using Dynamic Filters. If the Account is a Static include this checkbox will have no impact on that account even if it is disabled.