This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do you resync idpusers, when the onbase users have been deleted\deactivated and recreated?

Thomas_Reu
Elite Collaborator
Elite Collaborator

‎07-27-2023 09:22 AM

Occasionally we have a user corruption issue in onbase.  This is easily solved by deleting the onbase user via the config tool and letting the clients' next login recreate the user from active directory (AD).  This works great for Unity, Web and Thick Client.  However, if you do this and the client has an idp client, then idp goes out to lunch, for that user, since idp still wants to use the old deactivated account.   

 

From a tech point of view, if you open the db table:  hsiidp.idpusers, you'll notice the scim_user_id is still using the old/deactivated usernum from the hsi.useraccount table rather than the new usernum, from the recreated user.   Since IDP is using the old deactivated account, it generates the obvious error: "Failed to connect.  User xyz-<oldid > (DEACTIVATED )does not belong to any groups.

 

Enabling  "User Provisioning Create Enabled" and\or "User Provisioning Update Enabled" is ignored. 

 

Is there another flag, I can set, that allows onbase users to resync with IDP or do we have to contact our FLOS\Hyland to to delete the record in the idpusers table, so the user can be recreated correctly, or is there another solution?

 

Regards

 

0 Kudos
4 REPLIES 4

AdamShaneHyland
Employee
Employee

‎07-27-2023 01:22 PM

Hi @Tom ,  

 

Likely you'll need to work with support on this. 

 

OnBase Config does not have any concept of the HSIIDP schema used by the Hyland IDP.  The hsiidp.IdpUsers table is used to map a unique ID from SAML to a user in OnBase.  If you delete the user in OnBase Config, the hsi.useraccount table will be updated to deactivate in the user account table.  I believe the hsiidp.IdpUsers table should be updated with the appropriate usernum in OnBase.

 

If this is not what you are seeing, please contact your FLOS. 

 

Best wishes.

0 Kudos

Nelson_Porrata1
Champ in-the-making
Champ in-the-making
In response to AdamShaneHyland

‎07-12-2024 03:33 AM

Hi Adam,

 

I see that this exchange is from a year ago. A year later, if we have the same problem, do we still need to contact our FLOS\Hyland to take care of this or is there currently another solution for this?

 

Best regards,

0 Kudos

Thomas_Reu
Elite Collaborator
Elite Collaborator

‎07-27-2023 02:15 PM

Thanks Adam.  I already have a ticket open with our FLOS.  I was hoping this might just be a config issue that could easily be resolved with a community post.  Based on your response, this does not appear to be the case.  Thanks for the clarification.  

0 Kudos

AdamShaneHyland
Employee
Employee
In response to Thomas_Reu

‎07-31-2023 06:35 AM

No problem @Tom .

 

Good luck.

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC