Is it possible to disable a user account in WSO2 Identity Server 5.0 after a certain period of inactivity? Is there any way to implement this using a REST or SOAP API?
I'm new to WSO2 Identity Server, but I would try this way:
Create a scheduled job.
You can implement it as you want or, for example, you can use WSO2 Task Server features.
The scheduled job could call a web service that implements these steps:
read last login timestamp for each user in IS;
calculate the difference between the last login timestamp and the current timestamp;
populate a list of users to disable;
for each user to disable, call the WSO2 Identity Server Admin Services to "disable operation".
I didn't find the "disable operation" implemented in IS, so I think you could implement a DISABLE status by creating a role, called "USER_DISABLED", without login permission, or try to remove login permission on the original role of the user.
As I said, I'm new to WSO2 IS, but I would try this way.
Sorry for my English.
Bye
Vincenzo F.
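The selection step of the job described in the answer above, as an added example that is not part of the original answer or of WSO2's code. The user records are constructed sample data, the exempt list and 90-day window are assumptions, and `disable` is a hypothetical callback standing in for whatever Admin Service call assigns the role.

```python
from datetime import datetime, timedelta, timezone

DISABLED_ROLE = "USER_DISABLED"   # role name proposed in the answer above
EXEMPT = {"admin"}                # assumption: accounts the sweep must never touch
MAX_IDLE = timedelta(days=90)     # assumption: inactivity window

def select_inactive(users, now, max_idle=MAX_IDLE, exempt=EXEMPT):
    """Return sorted usernames whose last activity is older than max_idle.

    Accounts that never logged in are aged from their creation time, so a
    freshly provisioned user is not disabled before first use.
    """
    stale = []
    for u in users:
        if u["name"] in exempt or DISABLED_ROLE in u["roles"]:
            continue  # protected, or already disabled (keeps the job idempotent)
        last_seen = u["last_login"] or u["created"]
        if now - last_seen > max_idle:
            stale.append(u["name"])
    return sorted(stale)

def sweep(users, now, disable, dry_run=True):
    """Call disable(name, role) for each stale user unless dry_run; return them."""
    stale = select_inactive(users, now)
    if not dry_run:
        for name in stale:
            disable(name, DISABLED_ROLE)
    return stale

def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

NOW = _d(2015, 6, 1)
SAMPLE_USERS = [  # constructed sample data, not read from a real user store
    {"name": "admin", "created": _d(2013, 1, 1), "last_login": _d(2014, 1, 1), "roles": ["admin"]},
    {"name": "alice", "created": _d(2014, 3, 1), "last_login": _d(2015, 5, 20), "roles": ["staff"]},
    {"name": "bob",   "created": _d(2014, 3, 1), "last_login": _d(2015, 1, 10), "roles": ["staff"]},
    {"name": "carol", "created": _d(2015, 5, 25), "last_login": None, "roles": ["staff"]},
    {"name": "dave",  "created": _d(2014, 11, 1), "last_login": None, "roles": ["staff"]},
    {"name": "erin",  "created": _d(2014, 1, 1), "last_login": _d(2014, 12, 1), "roles": [DISABLED_ROLE]},
]

if __name__ == "__main__":
    # Dry run first: report what would be disabled without changing anything.
    print(sweep(SAMPLE_USERS, NOW, disable=lambda name, role: None))
```
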
You cannot directly disable the user account. What you can do is disable the user account by changing the permission of the user in the user group. In order to disable the login account you have to add the particular user to that user group. You can un-check it at the user permission tree.
Find below the steps to change the user permission:
Log in to the WSO2 IS Management Console.
Click on Configure to access the Configure menu.
From the Configure menu, select Users and Roles.
On the User Management page, click on the Roles link.
Locate the role you want to edit, and click on the Permissions link associated with it.
On the Permissions of the Role page, deselect permissions assigned to the role using the check-boxes.
Finally, click on the Update button to save the alterations.
Related
How to show a custom message page to AWS Kibana users when they log in for the first time without any roles assigned
Is there a way I can tell a new user that he doesn't have any roles assigned as of now and that he can contact the admin?
Assuming that you are using Cognito for authentication, you can check the documentation to customize the sign-in page.
I want to set up MFA for other IAM users in AWS. Is there a way to do that? I only found that I could force them to authenticate themselves, but is there a way for an administrator to set up MFA for other IAM users?
This can be done from the console, but you must be aware that you will need a device to bind it to for that user if they are to be able to log in.
To do it you will need to go to the IAM console:
Go to the IAM console
Click the Users menu item.
Click on a User name link
Click the Security credentials tab
Next to the Assigned MFA device label click Manage
You can now sort out the MFA for the user
The administrator would need access to perform this action in IAM.
Just in case you are not aware, you can also use the policy on the "AWS: Allows MFA-Authenticated IAM Users to Manage Their Own MFA Device on the My Security Credentials Page" page to prevent a user from doing anything whilst they do not have an MFA attached.
I don't think this is possible.
You can enable it for a user but the user needs to go through the steps to establish the MFA.
It defeats the purpose of MFA if a third person has access to it, therefore industry best practice is for a user him/herself to set it up.
MFA details in AWS document link below: https://aws.amazon.com/iam/features/mfa/
Using Google Cloud, there exists a BigQuery View table that queries two projects.
However, on the project where the view is located, we wish to run a query against it from Airflow/Composer. Currently it fails with a 403.
AFAIK it will use the default composer service account - however it doesn't have access to the 2nd project used in the sql of the view.
How do I give composer's service account access to the second project?
Think about a service account like a user account: you have a user email that you authorize on different project and component. Exactly the same thing with the service account email.
The service account belongs to a project. A user account belongs to a domain name/organisation. No real difference in the end.
So, you can use a service account email like any user accounts:
Grant authorization in any project
Add it in Google Groups
Even grant it the viewer or editor role on a GSuite document (Sheets, Docs, Slides, ...) to allow it to access and to read/update these documents! Like any user!
EDIT
With Airflow, you can define connections and a default connection. You can use this connection in your DAG and thus use the service account that you want.
I think you have to add the service account into project IAM.
I am trying to create a docker on AWS. I have created an account and now I am stuck on this page:
It asks for account ID and IAM username. I do not know my ID. Where is it?
On AWS docs it says log into your account and go to support center, but the support center login requires this same screen. Please let me know if I am doing something wrong.
Click the Sign-in using root account credentials link on the sign-in page and you will be prompted for an email address and password.
This will log you in as the Root account, which is all-powerful. In fact, it is so powerful that the recommendation is that you should immediately create a new IAM User, assign it Admin permissions and then never use the Root login again. You can assign Admin permissions by attaching the policy called AdministratorAccess.
While you are in the IAM console, you can create an account alias that you can use when logging in via the screen you have shown. It will also give you a URL you can use to access the correct sign-in page in future.
I installed WSO2 Identity server and logged in using admin/admin, but under home pane, I am not able to see SAML SSO, OAuth entries under Manage category. Any help will be appreciated. Thanks
Did you try to log in as "admin", create a new role and validate the list of permission settings visible under this role (see icon permissions)? A tree with checkboxes should be visible, defining the permission level for each role and thereby the permissions inherited by the account. Once the role is defined, create and add a user account to this role. Log out and log in with the new administrator userid and hopefully you will see all options on the menu.